ToastShaman / dropwizard-auth-jwt

A Dropwizard authentication filter using JSON Web Token (JWT)
Apache License 2.0

Expired Token produces InternalServerError #9

Closed McPringle closed 9 years ago

McPringle commented 9 years ago

An expired token leads to an InternalServerError. That is really bad because it will result in HTTP status code 500 and the client thinks the failure is on the server side. Returning a 401 Unauthorized is much better.

JWTAuthFactory: lines 115 to 117
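To make the failure mode concrete, here is an added example that is not code from dropwizard-auth-jwt (the project is Java/Dropwizard; Python is used here only so the example is self-contained and runnable with the standard library). It verifies an HS256 JWT, signature first and expiry second, and then shows two request filters: a naive one that handles only "invalid token" and lets the expiry exception escape, which a web framework's default exception mapper turns into a 500, and a fixed one that treats expiry as the client-side failure it is and answers 401. The function names, the secret and the timestamps are hypothetical and constructed for the demonstration.

```python
# Added example: not code from dropwizard-auth-jwt. A minimal HS256 JWT check
# that separates "token expired" (a client-side 401 condition) from real server
# faults, plus a naive filter that reproduces the 500 reported in the issue and
# a fixed filter that returns 401. Secret, claims and timestamps are constructed.
import base64
import hashlib
import hmac
import json
import time


class TokenInvalidError(Exception):
    """Malformed token, unsupported alg, or bad signature: reject with 401."""


class TokenExpiredError(Exception):
    """Valid signature but 'exp' is in the past: also a 401, not a 500."""


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_token(claims: dict, secret: bytes) -> str:
    """Issue an HS256 token (hypothetical issuer, used only to build inputs)."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        _b64url_encode(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, claims)
    )
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)


def verify_token(token: str, secret: bytes, now=None, leeway: int = 0) -> dict:
    """Verify the signature, then the expiry.

    Raises TokenInvalidError for anything unparseable or unauthenticated and
    TokenExpiredError for an authentic token whose 'exp' has passed.
    """
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise TokenInvalidError("token must have three segments")
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(_b64url_decode(header_b64))
        signature = _b64url_decode(sig_b64)
    except ValueError as exc:  # binascii.Error, bad UTF-8 and bad JSON all land here
        raise TokenInvalidError("undecodable header or signature") from exc
    # Pin the algorithm: never let the token pick it (alg "none", key confusion).
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise TokenInvalidError("unsupported alg")
    expected = hmac.new(
        secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256
    ).digest()
    if not hmac.compare_digest(expected, signature):
        raise TokenInvalidError("bad signature")
    # Only after the signature check are the claims trustworthy enough to read.
    try:
        claims = json.loads(_b64url_decode(payload_b64))
    except ValueError as exc:
        raise TokenInvalidError("undecodable payload") from exc
    if not isinstance(claims, dict):
        raise TokenInvalidError("payload is not a JSON object")
    exp = claims.get("exp")
    if exp is not None:
        if isinstance(exp, bool) or not isinstance(exp, (int, float)):
            raise TokenInvalidError("exp must be a NumericDate")
        if now >= exp + leeway:  # RFC 7519: current time must be before exp
            raise TokenExpiredError(f"token expired at {exp}")
    return claims


def naive_filter_status(token: str, secret: bytes, now=None) -> int:
    """Reproduces the issue: only 'invalid' is handled, so an expired token
    escapes as an unhandled exception and the framework answers 500."""
    try:
        verify_token(token, secret, now)
        return 200
    except TokenInvalidError:
        return 401
    except Exception:  # stands in for the framework's default exception mapper
        return 500


def fixed_filter_status(token: str, secret: bytes, now=None) -> int:
    """The fix: expiry is the client's problem and is reported as 401 as well."""
    try:
        verify_token(token, secret, now)
        return 200
    except (TokenInvalidError, TokenExpiredError):
        return 401


if __name__ == "__main__":
    secret = b"constructed-demo-secret"  # constructed, not a real key
    expired = make_token({"sub": "alice", "exp": 1000}, secret)
    print("naive:", naive_filter_status(expired, secret, now=2000))
    print("fixed:", fixed_filter_status(expired, secret, now=2000))
```

Two details are worth keeping when porting this to a real filter: the signature is checked before any claim is read, so an attacker cannot steer the code path with unauthenticated `exp` values, and the expiry branch is its own exception type so the filter can map it to 401 (optionally with a distinct error message) without widening the catch to everything, which would also hide genuine server faults behind 401.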

MartinSahlen commented 9 years ago

Yes, this is indeed not a good design choice. As this obviously is an error induced by a bad request, it should definitely return a response in the 4xx range, and the most appropriate and generic is a 401 as you state @McPringle.

ToastShaman commented 9 years ago

Yes, totally agree @McPringle.

Can you give the latest commit a try and see whether that works for you?

I've applied the fix for the 0.8.x branch.

McPringle commented 9 years ago

Hi @ToastShaman

Your fix works perfectly! Thanks for your amazing fast response!