Hapi tries to parse a JWT if provided to the `/v1/auth/steam` `GET` and `POST` endpoints. Due to expired tokens or JWT payload changes, tokens sometimes fail to parse and get rejected. This leads to users not being able to log in anymore.
Removing the optional auth parsing resolves this issue - tokens can safely be ignored on those two endpoints, user information is not required either.
https://github.com/MorpheusXAUT/slotlist-backend/blob/8e8f224f998a28c53eda1cb02ff3a3e2445f368b/src/api/routes/v1/auth.ts#L16-L19

https://github.com/MorpheusXAUT/slotlist-backend/blob/8e8f224f998a28c53eda1cb02ff3a3e2445f368b/src/api/routes/v1/auth.ts#L45-L48
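The rejection described above follows from how hapi's route auth modes treat a credential that is presented but invalid. The block below is an added example, not code from slotlist-backend or hapi: a small model of hapi's documented `required`, `optional` and `try` modes and of `auth: false`. `validateToken`, `routeStatus` and the sample tokens are hypothetical, the signature check is left out of the stand-in validator, and it assumes the linked routes used `mode: 'optional'`.

```javascript
// Model of hapi's documented route auth modes; not hapi's or slotlist-backend's code.
const NOW = 1700000000; // constructed "current time" in seconds, keeps the run deterministic

// Constructed, unsigned sample tokens: header.payload.signature-placeholder
const b64 = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const makeToken = (payload) => `${b64({ alg: 'HS256', typ: 'JWT' })}.${b64(payload)}.sig`;

// Stand-in for the JWT strategy's validation. A real strategy verifies the
// signature first; only the two failure causes named in the issue are modelled:
// an expired token and a payload that no longer has the expected shape.
function validateToken(token) {
  const payload = JSON.parse(Buffer.from(token.split('.')[1], 'base64url').toString());
  if (typeof payload.exp !== 'number' || payload.exp <= NOW) throw new Error('token expired');
  if (typeof payload.user !== 'object' || payload.user === null) throw new Error('unexpected payload');
  return payload;
}

// Returns the HTTP status a route with the given `auth` config would answer with.
function routeStatus(auth, authorizationHeader) {
  if (auth === false) return 200;            // the header is never inspected
  if (!authorizationHeader) return auth.mode === 'required' ? 401 : 200;
  try {
    validateToken(authorizationHeader.replace(/^Bearer /, ''));
    return 200;
  } catch (err) {
    return auth.mode === 'try' ? 200 : 401;  // 'optional' still rejects bad credentials
  }
}

const expired = 'Bearer ' + makeToken({ exp: NOW - 60, user: { uid: 'u1' } });
const oldShape = 'Bearer ' + makeToken({ exp: NOW + 3600, uid: 'u1' }); // payload format changed
const valid = 'Bearer ' + makeToken({ exp: NOW + 3600, user: { uid: 'u1' } });
const optional = { strategy: 'jwt', mode: 'optional' };

console.log('optional, no header  :', routeStatus(optional, undefined));
console.log('optional, valid token:', routeStatus(optional, valid));
console.log('optional, expired    :', routeStatus(optional, expired));
console.log('optional, old payload:', routeStatus(optional, oldShape));
console.log('auth: false, expired :', routeStatus(false, expired));
```

In the model, a client holding a stale token is locked out of the login route under `optional`, while `auth: false` lets the same request through, which is safe here because the endpoints do not use the user information.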