Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

`UnauthorizedError: jwt expired` being thrown with `credentialsRequired: false`

See original GitHub issue

I believe that according to https://github.com/auth0/express-jwt/pull/47 I should not get this error?

UnauthorizedError: jwt expired
    at /Users/me/gh/api-model/node_modules/express-jwt/lib/index.js:102:22
    at /Users/me/gh/api-model/node_modules/jsonwebtoken/verify.js:27:18

Code:

import jwt from 'express-jwt'

expressApp.use(
  '/graphql',
  jwt({
    ...
    credentialsRequired: false
  }),
  ...
)

Version: "express-jwt": "^5.3.0",

Issue Analytics

  • State:open
  • Created 5 years ago
  • Reactions:20
  • Comments:9

github_iconTop GitHub Comments

33reactions
karellodewijkcommented, Jan 24, 2019

The behavior was changed, caught me by surprise to. When the token is invalid it will now go to the error handler even if {credentialsRequired: false} is set. It used to be that it just continued as an unauthenticated user.

You can go back to the previous behavior by eating the error like so:

var ejwt = require('express-jwt');
app.use(ejwt({secret: config.app.secret, credentialsRequired: false}), function (err, req, res, next) {
  if (err.code === 'invalid_token') return next();
  return next(err);
});
22reactions
pie6kcommented, Aug 11, 2018

@karellodewijk solution seems to work, but it’s weird to create custom error handlers while credentialsRequired is set to false.

Read more comments on GitHub >

github_iconTop Results From Across the Web

I'm getting `UnauthorizedError: jwt malformed at new ...
If I understand this correctly, the way to do this is to add credentialsRequired: false as one of the params to the middleware....
Read more >
JWT expired, unexpected response in nodejs API
Here is when i have the error, the middleware is failling to verify the user and throw me this error jwt expired. This...
Read more >
jwt expired` being thrown with `credentialsRequired: false`
I believe that according to https://github.com/auth0/express-jwt/pull/47 I should not get this error? UnauthorizedError: jwt expired at ...
Read more >
express-jwt - npm
ExpirationHandler (optional): A function to handle expired tokens. credentialsRequired?: boolean (optional): If its false, continue to the ...
Read more >
Secure Access to your Node.js Graphql Server with JWT.
According to jwt.io (JWT Official website), JSON Web Token (JWT) is an ... the credentialsRequired option to false so Express won't throw an ......
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

"TypeError: cb is not a function" when providing a native async function to options.secret

Next page

question: Custom error handler readme details