search

mikenicholson / passport-jwt

Passport authentication using JSON Web Tokens
MIT License
1.97k stars 215 forks source link

feat(lib/extract_jwt): correctly parse comma terminated token #231

Open jrc2139 opened 2 years ago

jrc2139 commented 2 years ago

My stack is NestJs, Auth0, Passport, and GraphQL. I noticed that the parsed jwt token from the Authorization Header being passed from lib/verify_jwt.js#L4 was including a trailing comma like:

auth_params: {
    scheme: 'Bearer',
    value: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c,
  }

This fix just checks if the token terminates with a comma and returns it without the comma.

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c
b-o-993 commented 2 years ago

looks good 👏

Outternet commented 2 years ago

This can be easily solved with a custom extractor, see an example of this case in the documentation of my pull request and furthermore this is not standard behaviour of nestjs, so I don't know why this happens to you.