Comments (10)
@excpt @JoeWoodward i think it would make sense to introduce a new class like DecodedToken with the interface #errors and #value. We can initialize the class at the beginning of JWT#decode method and return at the end.
from ruby-jwt.
How can these exceptions be rescued? It just throws a 500 server error when they occur.
from ruby-jwt.
Hi @kwando,
do you mean something like this?
Pseudocode:
exp = Time.now.to_i + 4 * 3600
exp_payload = { :data => 'data', :exp => exp }
token = JWT.encode exp_payload, hmac_secret, 'HS256'
decoded_token = JWT.decode token, hmac_secret, true, { :algorithm => 'HS256' }
if JWT.has_error?
puts JWT.get_errors # returns array of errors ['Exp is invalid', 'Algo does not match.']
end
from ruby-jwt.
Not with global state like that.
exp = Time.now.to_i + 4 * 3600
exp_payload = { :data => 'data', :exp => exp }
token = JWT.encode(exp_payload, hmac_secret, 'HS256')
result = JWT.decode(token, hmac_secret, true, { :algorithm => 'HS256' })
if result.errors?
puts result.errors # returns array of errors ['Exp is invalid', 'Algo does not match.']
end
result.value # returns the decoded claims
from ruby-jwt.
@kwando @excpt agreed. It is never nice to use exception for flow control: http://programmers.stackexchange.com/a/189225
The main problem of doing this would be backwards compatibility.
from ruby-jwt.
@fabioxgn If we're planning this one correct we introduce simply an API change / break with version 2.0. This shouldn't be a problem.
from ruby-jwt.
I'm willing to invest some time into this endeavor. I think the verification API needs an overhaul too and it would be a good to look into that if we are doing a 2.0.
from ruby-jwt.
@kwando Looking forward seeing your ideas.
You may have a look at #110 for a more advanced discussion into the 2.0 verification API.
from ruby-jwt.
what ever happened to this. It seems like flow control is still managed through exceptions. Am I missing something?
from ruby-jwt.
This proposed change didn’t make it into 2.0. This is still an open issue.
from ruby-jwt.
Related Issues (20)
- Drop the custom Base64 encode and decode to favour the built-in methods
- Are there breaking changes between 1.x and 2.x? HOT 2
- Possibility to override the alg header when encoding tokens HOT 2
- Bug: undefined method `casecmp' for nil:NilClass when invalid alg
- Support x5t in place of kid
- verification of at_hash == access_token HOT 4
- OpenSSL 3 - Unable to create OpenSSL::PKey instances from pem/der/asn sequences HOT 1
- Alg optional member Readme HOT 5
- Yeah steady stay
- 50
- 100 HOT 2
- How should I verify JWS with x5c certs with no CRL? HOT 6
- جدة
- JWT not being signed HOT 2
- Deprecation warning for invalid base64 should only be issued if fixed base64 is valid HOT 2
- شارع الربعين HOT 5
- H
- eyJhbGciOiJub25lIn0.eyJhZGRyZXNzIjp7InppcGNvZGUiOm51bGwsInN0cmVldG5vIjpudWxsLCJjaXR5IjoiQUwtQUZMQUciLCJzdHJlZXQiOm51bGx9LCJ0b2tlblVVSUQiOiI3Zjk1Yzc0ZDA3Y2M0OGI1OWNlNzhlYzBlZTU.
- T
- ExpiredSignature should perhaps not be a subclass of DecodeError HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ruby-jwt.