Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Expired or wrong signature?

See original GitHub issue

I need to know exactly why a token failed verification.

Using the jwt.verify function I don’t know the reason as it might be expired or wrongly signed.

So I have implemented the following workaround:

let validationMessage = "ok";
let isValid = false;
try {
  isValid = await jwt.verify(token, SECRET);
  if (!isValid) {
    if (jwtClaims.exp < Math.floor(Date.now() / 1000)) {
      throw new Error('token expired')
    }
    throw new Error('wrong signature')
  }
} catch (error) {
  validationMessage = `jwt verify failed: ${error.message}`;
}

I would like to suggest throwing such errors from jwt.verify and only returning true in case of success (never return false).

I could prepare PR but it’s a breaking change, so I’m not sure if you accept it.

Maybe as a separate verify_unsafe function or add a boolean thow=false flag to the existing func?

What do you think?

Issue Analytics

State:
Created a year ago
Reactions:2
Comments:5 (3 by maintainers)

Top GitHub Comments

2reactions

tsndrcommented, Jun 1, 2022

https://github.com/tsndr/cloudflare-worker-jwt/tree/v1.2.0

We happy now? 😉

2reactions

defudefcommented, Apr 25, 2022

I think, adding an optional flag (false by default) wouldn’t introduce breaking changes and could level up the developer experience for sure.

jwt.verify(token, SECRET) // returns boolean. "throwError" flag set as false by default
jwt.verify(token, SECRET, { throwError: true }) // returns true or throws an error (data type still the same)

I can raise a PR if you’re happy with that.