Schema Custom Validation Fails Checking If Is JWT Token

I have a schema validation like this one:

token: {
    in: ['body', 'header'],
    isJWT: true,
    optional: false,
    custom: {
        options: async (value, { req }) => {
            const token = req.body.token || req.headers.authentication && req.headers.authentication.split(' ')[1]; // Authentication: Bearer {token}
            const isValidJWT = validator.isJWT(token); // returns true
            return canUseThisToken(token); // It's a boolean method from app, works
        }
    },
    errorMessage: 'The token is invalid'
}

The problem is I noticed the isJWT from the schema does not validate the token correctly when it comes from the body, but not when it comes from the header. And I receive the error message. But the token is valid, using the same validation lib.

Once I remove the isJWT from the schema validation, it works well.

Issue Analytics

  • State: closed
  • Created 4 years ago
  • Comments: 5 (2 by maintainers)

Top GitHub Comments

1 reaction
gustavohenke commented, Jun 1, 2019

Ah. So the token would need to be valid everywhere it is present. This is a security measure – see #331 for context.

So you seem to be doing some parsing of the token when it comes from headers: Bearer {token}.

This is not valid JWT. One option is to omit it from either req.body or req.headers. Or, you could use a custom sanitiser to split the value before it’s validated:

token: {
	in: ['body', 'headers'],
	customSanitizer: {
		options: (value, { location }) => {
			return location === 'headers' ? value.split(' ')[1] : value;
		}
	},
	isJWT: true,
}

Hope it helps 😃
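
An added example, not code from the issue or from express-validator: a self-contained sketch of why the header value `Bearer {token}` fails a JWT format check while the body value passes, and how a location-aware sanitizer that fails closed on a malformed header resolves it. The function names and the sample token are constructed for illustration, and the check is format-only (it does not verify a signature).

```javascript
// Added example; function names are hypothetical and the sample token is constructed.
const B64URL = /^[A-Za-z0-9_-]+$/;

// Decode one base64url segment into a JSON object, or return null on any failure.
function decodeJsonSegment(segment) {
  if (!B64URL.test(segment)) return null;
  try {
    const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
    const parsed = JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
    return parsed !== null && typeof parsed === 'object' ? parsed : null;
  } catch (err) {
    return null;
  }
}

// Format check only: three base64url segments whose header and payload decode to JSON.
function looksLikeJwt(value) {
  if (typeof value !== 'string') return false;
  const parts = value.split('.');
  if (parts.length !== 3 || !B64URL.test(parts[2])) return false;
  return decodeJsonSegment(parts[0]) !== null && decodeJsonSegment(parts[1]) !== null;
}

// Sanitizer: strip the "Bearer" scheme from header values, leave other locations untouched.
// A missing or malformed header yields '' so the format check rejects it instead of throwing.
function sanitizeToken(value, location) {
  if (location !== 'headers') return value;
  const match = /^Bearer +(\S+)$/i.exec(String(value).trim());
  return match ? match[1] : '';
}

// Rule from the thread: the value must be valid in every location where it is present.
// Returns the list of locations that fail the check.
function failingLocations(instances, sanitize) {
  return instances
    .filter(({ location, value }) =>
      !looksLikeJwt(sanitize ? sanitizeToken(value, location) : value))
    .map(({ location }) => location);
}

// Constructed sample token (the signature segment is arbitrary and never verified here).
const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const SAMPLE_JWT = `${enc({ alg: 'HS256', typ: 'JWT' })}.${enc({ sub: 'demo' })}.c2lnbmF0dXJl`;
const instances = [
  { location: 'body', value: SAMPLE_JWT },
  { location: 'headers', value: `Bearer ${SAMPLE_JWT}` },
];
console.log(failingLocations(instances, false)); // header fails without the sanitizer
console.log(failingLocations(instances, true));  // nothing fails once the scheme is stripped
```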

0 reactions
lock[bot] commented, Jul 31, 2019

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.
