It would be very nice to be able to verify a token without having to rescue exceptions

<a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/us

Hi <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="

Not with global state like that. <div class="highlight highlight-source-ruby notra

<a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/us

Verify tokens without throwing exceptions about ruby-jwt HOT 10 OPEN

jwt commented on August 27, 2024

Verify tokens without throwing exceptions

from ruby-jwt.

Comments (10)

ab320012 commented on August 27, 2024 1

@excpt @JoeWoodward i think it would make sense to introduce a new class like DecodedToken with the interface #errors and #value. We can initialize the class at the beginning of JWT#decode method and return at the end.

from ruby-jwt.

Tonyynot14 commented on August 27, 2024 1

How can these exceptions be rescued? It just throws a 500 server error when they occur.

from ruby-jwt.

excpt commented on August 27, 2024

Hi @kwando,

do you mean something like this?

Pseudocode:

exp = Time.now.to_i + 4 * 3600
exp_payload = { :data => 'data', :exp => exp }

token = JWT.encode exp_payload, hmac_secret, 'HS256'

decoded_token = JWT.decode token, hmac_secret, true, { :algorithm => 'HS256' }

if JWT.has_error?
  puts JWT.get_errors # returns array of errors ['Exp is invalid', 'Algo does not match.']
end

from ruby-jwt.

kwando commented on August 27, 2024

Not with global state like that.

exp = Time.now.to_i + 4 * 3600
exp_payload = { :data => 'data', :exp => exp }

token = JWT.encode(exp_payload, hmac_secret, 'HS256')

result = JWT.decode(token, hmac_secret, true, { :algorithm => 'HS256' })

if result.errors?
  puts result.errors # returns array of errors ['Exp is invalid', 'Algo does not match.']
end

result.value # returns the decoded claims

from ruby-jwt.

fabioxgn commented on August 27, 2024

@kwando @excpt agreed. It is never nice to use exception for flow control: http://programmers.stackexchange.com/a/189225

The main problem of doing this would be backwards compatibility.

from ruby-jwt.

excpt commented on August 27, 2024

@fabioxgn If we're planning this one correct we introduce simply an API change / break with version 2.0. This shouldn't be a problem.

from ruby-jwt.

kwando commented on August 27, 2024

I'm willing to invest some time into this endeavor. I think the verification API needs an overhaul too and it would be a good to look into that if we are doing a 2.0.

from ruby-jwt.

excpt commented on August 27, 2024

@kwando Looking forward seeing your ideas.

You may have a look at #110 for a more advanced discussion into the 2.0 verification API.

from ruby-jwt.

JoeWoodward commented on August 27, 2024

what ever happened to this. It seems like flow control is still managed through exceptions. Am I missing something?

from ruby-jwt.

excpt commented on August 27, 2024

This proposed change didn’t make it into 2.0. This is still an open issue.

from ruby-jwt.

Recommend Projects

Verify tokens without throwing exceptions about ruby-jwt HOT 10 OPEN

Comments (10)

Related Issues (20)

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent