-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Raise jws.decode error to avoid confusion with "invalid token" error #294
Conversation
jws.decode() never throws an error. At least, in its current version. However, if it were to throw an exception, the diagnostics would be indistinguishable from a soft failure to decode a token. I had an extra trailing space on my JWT and it took me some additional debugging work to trace the actual root cause because the error message was not distinct.
Hi @evolvah ! What do you think to simply forward the unexpected error? We do that in other places for calling If that's ok for you, can you modify your commit/PR message as well to reflect the new change? |
…aller. Currently, jws.decode never throws an exception. The change is made per discsussion in the original PR
That's a good idea! Please see the latest update to this PR, @ziluvatar. |
I do like PRs with negative net LOC count :) |
Me too!!! But it seems I expressed my suggestion badly :(
It is not negative net LOC count but some letters are removed ;) |
Ah, I see now! Let me make the change and add a test case. Once I'm done, I will update the PR. |
…own from jws.decode
Done! With a new test case being added. |
test/jwt.hs.tests.js
Outdated
@@ -77,6 +77,21 @@ describe('HS256', function() { | |||
done(); | |||
}); | |||
}); | |||
}); | |||
|
|||
describe('should fail verification graceflly with trailing space in the jwt', function() { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
typo, gracefully
Thanks for the new test :)
Modify that and I'll merge.
Bummer! Fixed the typo, updated the PR. Ready to merge. |
Thanks @evolvah 👏 , I modified the PR description to make more explicit the change. |
jws.decode() never throws an error. At least, in its current version. However, if it were to throw an exception, the diagnostics would be indistinguishable from a soft failure to decode a token. I had an extra trailing space on my JWT and it took me some additional debugging work to trace the actual root cause because the error message was not distinct.