auth0 / node-jws

JSON Web Signatures
http://self-issued.info/docs/draft-ietf-jose-json-web-signature.html
MIT License

Should jwsDecode return null if payload is not valid JSON? #23

Open dschenkelman opened 9 years ago

dschenkelman commented 9 years ago

First of all: awesome library, we use it a lot at Auth0!

Does the issue question make sense? It would require a try/catch around this line: https://github.com/brianloveswords/node-jws/blob/master/lib/verify-stream.js#L71

I think it should, as that is how other invalid cases are dealt with. I will send the PR if you tell me that is OK.

Thanks!

dschenkelman commented 9 years ago

It was just a bit of code, I went ahead and created the PR: https://github.com/brianloveswords/node-jws/pull/24

omsmith commented 9 years ago

Seems it might be for this particular case, given we're trying to parse json within the library.

Seems to me like we shouldn't be attempting to parse json at all though really, better off sending along the utf8 (or otherwise encoded) string and let the consumer/jwt library deal with that.

Would be a breaking change. Thoughts?

santiagoaguiar commented 8 years ago

The header is already checked using safeJsonParse at: https://github.com/brianloveswords/node-jws/blob/master/lib/verify-stream.js#L23

Given the current behavior where other malformed cases (invalid header, invalid jws) are already returned as null, it seems using safeJsonParse should be the right way to do it.

Given this was raised more than a year ago, my hopes aren't high :).
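The behaviour requested in this thread, as an added example that is not part of the thread and not node-jws's own code: a decode-only function that returns null for a payload that is not valid JSON, the same way it does for a malformed token or header. `decodeCompact`, `b64urlEncode`, `b64urlDecode` and this body of `safeJsonParse` are hypothetical, the tokens are constructed, and parsing every payload as JSON is an assumption.

```javascript
// Added example with hypothetical helpers; not the node-jws source.
// Compact JWS shape: header.payload.signature, all base64url.
const JWS_SHAPE = /^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*\.[A-Za-z0-9_-]*$/;

// JSON.parse never yields undefined, so undefined can mean "invalid JSON".
function safeJsonParse(text) {
  try {
    return JSON.parse(text);
  } catch (err) {
    return undefined;
  }
}

function b64urlEncode(text) {
  return Buffer.from(text, 'utf8').toString('base64')
    .replace(/=/g, '').replace(/\+/g, '-').replace(/\//g, '_');
}

function b64urlDecode(segment) {
  // Node's 'base64' decoder also accepts the URL-safe alphabet.
  return Buffer.from(segment, 'base64').toString('utf8');
}

// Decode only: the signature is returned untouched and NOT verified.
function decodeCompact(token) {
  if (typeof token !== 'string' || !JWS_SHAPE.test(token)) return null;
  const [rawHeader, rawPayload, signature] = token.split('.');

  const header = safeJsonParse(b64urlDecode(rawHeader));
  if (header === null || typeof header !== 'object' || Array.isArray(header)) {
    return null; // malformed header
  }
  const payload = safeJsonParse(b64urlDecode(rawPayload));
  if (payload === undefined) return null; // payload is not JSON: same result

  return { header, payload, signature };
}

// Constructed sample tokens; 'c2ln' is a placeholder signature segment.
const HEADER = b64urlEncode('{"alg":"HS256","typ":"JWT"}');
const SAMPLES = {
  valid: `${HEADER}.${b64urlEncode('{"sub":"alice"}')}.c2ln`,
  payloadNotJson: `${HEADER}.${b64urlEncode('not json')}.c2ln`,
  headerNotJson: `${b64urlEncode('{oops')}.${b64urlEncode('{"sub":"alice"}')}.c2ln`,
  notCompactJws: 'abc',
};
for (const [name, token] of Object.entries(SAMPLES)) {
  console.log(name, decodeCompact(token));
}
```

With a single null result for every malformed input, a caller handling untrusted tokens needs one check instead of a null check plus a try/catch around the decode call.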