handle missing token and expired tokens in the custom function
Hi,
I’m using passport-jwt to authenticate some endpoints that accept requests both with and without a jwt token in the header.
Right now it looks like passport-jwt handles this by returning a 401 status code when there is no header/authorization in payload.
Would it be possible to handle such logic inside the custom function?
I was originally using my own middleware to handle this, but I couldn’t figure out how to modify the req.user object without express complaining about having only a getter on req.user.
Ge
Issue Analytics
- State:
- Created 8 years ago
- Reactions:5
- Comments:8 (1 by maintainers)
Top GitHub Comments
I used the following middleware to handle at least the situation when mixed authorized and unauthorized access is desired.
And at some later point I use this custom middleware to protect all following routes
I know this is an old issue, I think what you are looking for is the custom callback feature of passport. That is where you handle failed authentication, JWT parse errors, etc. See http://passportjs.org/docs#custom-callback
Your custom callback would have the signature:
If a JWT parse error occurs or the JWT is not valid the user will be false and info will contain the error that jsonwebtoken provides explaining why validation of the JWT failed.
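The custom-callback approach described in the comment above, as an added example that is not code from the thread or from passport-jwt itself. It assumes Express-style middleware, a strategy registered under the name 'jwt', and tokens carried in the Authorization header; `optionalJwt` is a hypothetical name. Requests with no token pass through as anonymous, while a token that was sent but rejected gets a 401 instead of being silently downgraded.

```javascript
// Added example: optional JWT authentication via passport's custom callback.
// Assumptions: strategy name 'jwt', token in the Authorization header,
// Express-style (req, res, next). `optionalJwt` is a hypothetical helper.
function optionalJwt(passport) {
  return function (req, res, next) {
    passport.authenticate('jwt', { session: false }, function (err, user, info) {
      // Error raised by the strategy or its verify callback.
      if (err) return next(err);

      // Valid token: attach the user and continue.
      if (user) {
        req.user = user;
        return next();
      }

      // user is false from here on. Treat the request as anonymous only
      // when no credential was presented at all.
      if (!req.headers || !req.headers.authorization) {
        return next();
      }

      // A token was sent but failed validation: fail closed. `info` carries
      // the jsonwebtoken error; TokenExpiredError is its name for expiry.
      const expired = Boolean(info && info.name === 'TokenExpiredError');
      res.status(401).json({ error: expired ? 'token_expired' : 'invalid_token' });
    })(req, res, next);
  };
}
```

Downstream handlers can then branch on whether `req.user` is set, and a client receiving `token_expired` knows to refresh rather than retry.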