Missing cookie causes CookieTokenExtractor to return error

[simonrobb]

Describe the problem

I'm using the CookieTokenExtractor and when the named cookie is not present in the request, the following error is returned: error extracting token: http: named cookie not present.

The Cookie method on http.Request returns a ErrNoCookie error when the cookie doesn't exist, and that result is being directly returned by the extractor code.

What was the expected behavior?

I would expect that when the named cookie isn't present, the extractor returns no error (and an empty token). This would put its behaviour in line with the AuthHeaderTokenExtractor.

Reproduction

1. Use the CookieTokenExtractor, and don't pass a cookie with the provided name.
2. Check the error returned to the errorHandler.

Environment

go-jwt-middleware v2.0.1

[simonrobb]

Suggested fix in this commit: https://github.com/auth0/go-jwt-middleware/commit/451a80238baa51c6bb83085da763a6f160402f26

[simonrobb]

Any comment on this proposal?

This comment in middleware.go further suggests this is not the expected behavior: https://github.com/auth0/go-jwt-middleware/blob/master/middleware.go#L61.

[sergiught]

Hey @simonrobb 👋🏻 apologies for the delay in getting back to you. I'll have some time to take a look at this next week.

[sergiught]

Hey @simonrobb I was able to fix this in https://github.com/auth0/go-jwt-middleware/pull/172/ and it will be available in the next release. Before cutting it, I wanna tackle a few more issues and improvements, so stay tuned!

Thanks again for raising this!

I'll close this down once we make the release.

[simonrobb]

Thanks @sergiught, that's great to hear!

[sergiught]

Hey @simonrobb 👋🏻 this is now available within https://github.com/auth0/go-jwt-middleware/releases/tag/v2.1.0. Thanks for your patience!

[simonrobb]

Great work @sergiught, thank you!