waiting-for-dev / warden-jwt_auth

JWT token authentication with warden
MIT License

JWT::DecodeError must be suppressed as JWT::ExpiredSignature is #38

Closed brunoarueira closed 2 years ago

brunoarueira commented 2 years ago

Expected behavior

When I use an invalid JWT through the revocation middleware, it should suppress the JWT::DecodeError as JWT::ExpiredSignature. This will allow it to be handled properly on the receiving part of the request and generate a proper HTTP status.

Actual behavior

When I use an invalid JWT through the revocation middleware, it raises a JWT::DecodeError exception. Since this middleware resolves after the response was generated, this results in a 500 HTTP status and does not preserve any HTTP status previously defined.

Steps to Reproduce the Problem

  1. Configure this gem
  2. Send an invalid JWT
  3. Receive an exception about JWT::DecodeError

Debugging information

waiting-for-dev commented 2 years ago

Trying to understand. Isn't it the other way round? We're catching JWT::DecodeError here:

https://github.com/waiting-for-dev/warden-jwt_auth/blob/09c78d747cab802180e4d93a14cc33cf313e27d0/lib/warden/jwt_auth/strategy.rb#L22

waiting-for-dev commented 2 years ago

Closing, feel free to follow up, though.
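
The failure mode described in the report, modelled as an added example that is not part of the thread and is not warden-jwt_auth's code: a post-response middleware that rescues only the expiry error lets a malformed token replace the app's status with a 500, while rescuing the parent decode error keeps it. `DecodeError`, `ExpiredSignature`, `RevocationMiddleware`, `status_for`, the secret and the 401 app are constructed stand-ins, and the minimal HS256 check substitutes for the jwt gem.

```ruby
require 'openssl'
require 'json'
# Stand-ins for the jwt gem's JWT::DecodeError and its subclass JWT::ExpiredSignature.
class DecodeError < StandardError; end
class ExpiredSignature < DecodeError; end

SECRET = 'constructed-test-secret' # constructed sample key
APP = ->(_env) { [401, {}, ['unauthorized']] } # the app has already chosen its status
B64 = ->(data) { [data].pack('m0').tr('+/', '-_').delete('=') }

def sign(claims)
  body = "#{B64.call({ alg: 'HS256' }.to_json)}.#{B64.call(claims.to_json)}"
  "#{body}.#{B64.call(OpenSSL::HMAC.digest('SHA256', SECRET, body))}"
end

# Minimal HS256 check; raises the stand-in errors the way a JWT library would.
def decode(token)
  header, payload, sig = token.split('.')
  raise DecodeError, 'malformed token' unless sig && token.count('.') == 2
  expected = B64.call(OpenSSL::HMAC.digest('SHA256', SECRET, "#{header}.#{payload}"))
  raise DecodeError, 'bad signature' unless OpenSSL.secure_compare(expected, sig)
  claims = JSON.parse(payload.tr('-_', '+/').unpack1('m'))
  raise ExpiredSignature, 'expired' if claims['exp'].to_i <= Time.now.to_i
  claims
end

# Hypothetical post-response middleware: the token is decoded after the app answered.
class RevocationMiddleware
  attr_reader :revoked
  def initialize(app, rescued)
    @app, @rescued, @revoked = app, rescued, []
  end

  def call(env)
    response = @app.call(env)
    begin
      @revoked << decode(env['HTTP_AUTHORIZATION'].to_s.sub(/\ABearer /, ''))['jti']
    rescue *@rescued
      nil # an unusable token has nothing to revoke; keep the app's response
    end
    response
  end
end

# Stand-in for the outer server layer that turns an unhandled exception into a 500.
def status_for(stack, token)
  stack.call('HTTP_AUTHORIZATION' => "Bearer #{token}").first
rescue StandardError
  500
end
```

Build one stack with `[ExpiredSignature]` and one with `[DecodeError]` as the rescued list, then pass each a malformed, an expired and a valid token to `status_for` to compare the resulting statuses.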