search

timwaters / omniauth-mediawiki

MediaWiki OAuth strategy for Omniauth, used for all wikimedia.org wikis (e.g. commons.wikimedia.org , wikipedia.org) with the oauth extension installed
Other
4 stars 9 forks source link

JWT::DecodeError (Not enough or too many segments) #9

Open angusmcleod opened 4 years ago

angusmcleod commented 4 years ago

Hey @timwaters, we're using this gem in a Wikimedia plugin for Discourse: https://github.com/paviliondev/discourse-wikimedia-auth.

Recently, we've been seeing a number of instances of a JWT::DecodeError (Not enough or too many segments) error in the Discourse server logs. The source is the JWT decoding here: https://github.com/timwaters/omniauth-mediawiki/blob/master/lib/omniauth/strategies/mediawiki.rb#L58

Any insight on what's going on here, i.e. what type of user action or user data produces an invalid JWT?

Relatedly, how would you feel about a PR adding some error catching and logging to this method?

timwaters commented 4 years ago

Hi, I don't know what would be causing it. Perhaps something in https://github.com/jwt/ruby-jwt/issues and different versions? Possibly we need to use a newer version, fix on an older one or apply a workaround based on changes there?

Yes please do feel free to submit PRs. And thanks for using the gem!