feathersjs-ecosystem / authentication-jwt

[MOVED] JWT authentication strategy for feathers-authentication using Passport
https://github.com/feathersjs/feathers
MIT License

JWT verifier: do not return 404 error on not found identity #63

Closed mgesmundo closed 6 years ago

mgesmundo commented 6 years ago

Hi there,

I think that the verifier should not return a 404 error when it cannot find an identity. The use case:

  1. get a valid token with a valid user
  2. get a request for an endpoint with this token -> ok
  3. delete the user
  4. make a new request with the same token -> 404

I think that the verifier should return 401 with Unknown user. Is it a wrong thought? All the best!

daffl commented 6 years ago

If that is the desired behaviour for your application you can customize the JWT verifier.

mgesmundo commented 6 years ago

Yes, of course I customized the verifier. My thought was only on what was the best error message for the use case: maybe they are both correct. Thank you for your awesome framework!

daffl commented 6 years ago

Thanks. I think we leave it like it is for now since it is a potentially breaking change and there is a fairly straightforward solution.
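The customization discussed in this thread, sketched as an added example that is not part of the original issue or the project's code. It is a stand-alone model: `UserService`, `CustomVerifier`, `mapLookupError`, `verifyAsync`, the `userId` claim and the `verify(req, payload, done)` shape are all assumptions made for illustration, and the user data is constructed.

```javascript
// Added illustration: a stand-alone model, not the feathers-authentication-jwt source.
// Constructed in-memory user service; get() rejects with a 404-style error
// for a missing id, which is what a lookup of a deleted user produces.
class UserService {
  constructor(users) {
    this.users = new Map(users.map((u) => [u.id, u]));
  }
  async get(id) {
    if (!this.users.has(id)) {
      const err = new Error(`No record found for id '${id}'`);
      throw Object.assign(err, { name: 'NotFound', code: 404 });
    }
    return this.users.get(id);
  }
  async remove(id) { this.users.delete(id); }
}

// Translate only "identity not found" into an authentication failure.
// Other errors (for example a database outage) pass through unchanged,
// so an infrastructure fault is not reported to the client as a bad token.
function mapLookupError(error) {
  if (error && error.code === 404) {
    const err = new Error('Unknown user');
    return Object.assign(err, { name: 'NotAuthenticated', code: 401 });
  }
  return error;
}

// Hypothetical verifier: resolves the token's userId claim to a user record.
class CustomVerifier {
  constructor(service) {
    this.service = service;
  }
  verify(req, payload, done) {
    const id = payload.userId;
    return this.service.get(id).then(
      (user) => done(null, user, { userId: id }),
      (error) => done(mapLookupError(error))
    );
  }
}

// Promise wrapper around the callback so the result can be awaited.
function verifyAsync(verifier, payload) {
  return new Promise((resolve) => {
    verifier.verify({}, payload, (err, user) => resolve({ err, user }));
  });
}
```

With this mapping, a request carrying a still-valid token for a deleted user is rejected with 401 "Unknown user" rather than 404, while lookup failures of any other kind keep their original error.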