While investigating an auth issue in our application, I noticed a potential bug with the token expiry decoding. Since the token is stored prefixed by the token type, the decodeJwt method attempts to decode this with the prefix. This should lead to an error; however, the jwt-decode library does not actually check for the structure of the token.
I believe this should be fixed anyway, as the potential for issues is high; however, it is not currently broken. That is why this PR is only a test to ensure that the expiration works as intended.
As a side note, I am disappointed with how difficult this library is to test, considering the importance of auth. The side effects littered throughout the modules ensure that actual validation of the library is made cumbersome.
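The behaviour described above, as an added example that is not part of the original PR or of the jwt-decode source: a decoder that reads only the payload segment still returns the expiry when the stored value carries a token-type prefix, while a decoder that validates structure rejects an unexpected prefix. The `Bearer` prefix, the function names and the sample token are assumptions constructed for illustration.

```javascript
// Added example: models payload-only decoding; hypothetical helper names.
const b64url = (obj) =>
  Buffer.from(JSON.stringify(obj)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");

const b64urlDecode = (s) =>
  Buffer.from(s.replace(/-/g, "+").replace(/_/g, "/"), "base64").toString("utf8");

// Constructed sample token: unsigned, with a placeholder signature segment.
function makeSampleToken(expSeconds) {
  const header = b64url({ alg: "none", typ: "JWT" });
  const payload = b64url({ sub: "user-1", exp: expSeconds });
  return [header, payload, "sig"].join(".");
}

// Lenient: only segment 1 is read, so a prefix glued to segment 0 goes unnoticed.
function lenientDecodePayload(stored) {
  const part = stored.split(".")[1];
  if (typeof part !== "string") throw new Error("missing payload segment");
  return JSON.parse(b64urlDecode(part));
}

// Strict: strip the expected token type explicitly, then validate the shape.
function strictDecodePayload(stored, tokenType = "Bearer") {
  const prefix = tokenType + " ";
  const token = stored.startsWith(prefix) ? stored.slice(prefix.length) : stored;
  const parts = token.split(".");
  const segment = /^[A-Za-z0-9_-]+$/;
  if (parts.length !== 3 || !parts.every((p) => segment.test(p))) {
    throw new Error("malformed JWT: expected three base64url segments");
  }
  JSON.parse(b64urlDecode(parts[0])); // header must be valid JSON too
  const payload = JSON.parse(b64urlDecode(parts[1]));
  if (!Number.isFinite(payload.exp)) throw new Error("missing numeric exp claim");
  return payload;
}

// exp is in seconds since the epoch; nowMs is injectable so tests are deterministic.
function isExpired(payload, nowMs = Date.now()) {
  return payload.exp * 1000 <= nowMs;
}
```

Passing the clock in as `nowMs` keeps the expiry check free of side effects, which makes it testable without mocking.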