Open dschenkelman opened 9 years ago
It was just a bit of code, I went ahead and created the PR: https://github.com/brianloveswords/node-jws/pull/24
Seems it might be for this particular case, given we're trying to parse json within the library.
Seems to me like we shouldn't be attempting to parse json at all though really, better off sending along the utf8 (or otherwise encoded) string and let the consumer/jwt library deal with that.
Would be a breaking change. Thoughts?
The header is already checked using safeJsonParse
at:
https://github.com/brianloveswords/node-jws/blob/master/lib/verify-stream.js#L23
Given the current behavior where other malformed cases (invalid header, invalid jws) are already returned as null
, it seems using safeJsonParse
should be the right way to do it.
Given this was raised more than a year ago, my hopes aren't high :).
First of all: awesome library, we use it a lot at Auth0!
Does the issue question make sense? It would require a try/catch around this line: https://github.com/brianloveswords/node-jws/blob/master/lib/verify-stream.js#L71
I think it should as that is how other invalid cases are dealt with. I'm will send the PR if you tell me that is OK.
Thanks!