Expired token would crash application if the config JWT_VERIFY_EXPIRATION is set to False with default token decode handler
Even when `JWT_VERIFY_EXPIRATION` is set to False, the token would still be decoded with `TimedJSONWebSignatureSerializer`, so if the token is expired a `SignatureExpired` will be thrown, and the local variable `result` in function `_default_decode_handler` would not be initialized, which would cause `UnboundLocalError` in function `_default_decode_handler`.
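The failure mode reported above, as an added example that is not the project's own code: a swallowed expiry error leaves `result` unassigned, next to a handler that returns the already-verified payload instead. Assumptions: `dumps`/`loads` are a constructed HMAC stand-in for the timed serializer, the local `SignatureExpired` carries a `payload` attribute, and the handler names and `verify_expiration` parameter are hypothetical.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"  # constructed sample key, not from the project

class SignatureExpired(Exception):
    """Stand-in for the serializer's expiry error; carries the verified payload."""
    def __init__(self, payload):
        super().__init__("Signature expired")
        self.payload = payload

def dumps(payload, exp):
    """Sign a payload together with an absolute expiry timestamp."""
    body = base64.urlsafe_b64encode(json.dumps({"exp": exp, "data": payload}).encode())
    sig = hmac.new(SECRET, body, hashlib.sha256).hexdigest().encode()
    return body + b"." + sig

def loads(token):
    """Verify the signature first, then the expiry (same order as a timed serializer)."""
    body, _, sig = token.rpartition(b".")
    expected = hmac.new(SECRET, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(sig, expected):
        raise ValueError("bad signature")
    claims = json.loads(base64.urlsafe_b64decode(body))
    if claims["exp"] < time.time():
        raise SignatureExpired(claims["data"])
    return claims["data"]

def buggy_decode_handler(token, verify_expiration):
    # Pattern from the report: the except branch swallows the error when
    # expiry verification is off, but `result` was never assigned.
    try:
        result = loads(token)
    except SignatureExpired:
        if verify_expiration:
            raise
    return result  # UnboundLocalError for an expired token

def fixed_decode_handler(token, verify_expiration):
    try:
        return loads(token)
    except SignatureExpired as exc:
        if verify_expiration:
            raise
        return exc.payload  # signature was checked before the expiry test
```

In the fixed handler a tampered token is still rejected with expiry verification off, because the signature check runs before the expiry check.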