When I use an invalid JWT through the revocation middleware, it should suppress the JWT::DecodeError as JWT::ExpiredSignature. This will allow to handle properly on the receiving part of the request and generate a proper HTTP status.
Actual behavior
When I use an invalid JWT through the revocation middleware, it raises an exception JWT::DecodeError, since this middleware will resolve after the response was generated occurring in a 500 HTTP status and not preserving any HTTP status previously defined.
Expected behavior
When I use an invalid JWT through the revocation middleware, it should suppress the
JWT::DecodeError
asJWT::ExpiredSignature
. This will allow to handle properly on the receiving part of the request and generate a proper HTTP status.Actual behavior
When I use an invalid JWT through the revocation middleware, it raises an exception
JWT::DecodeError
, since this middleware will resolve after the response was generated occurring in a 500 HTTP status and not preserving any HTTP status previously defined.Steps to Reproduce the Problem
JWT::DecodeError
Debugging information