JWT middleware not handling error when expired
memwey opened this issue · comments
Hi,
I found that in iris JWT middleware, if the JWT token is expired, a http statuscode 200 with empty response body will be returned. That's because the following code didn't call the errorHandler.
Lines 207 to 213 in e89d32e
Yes @memwey thanks for that. I've just finished the Iris and neffos latest touches for the new release and I will take a look on this, I see that you opened a PR at: #51 --- good job on this. I did approve it and it's merged it seconds ago.
But just to know, I don't really like the jwt middleware as it behaves now, with logf and error handler ( it's a community-driven middleware) but the original author are offline for a long time... so I will make a small changes there: #51
The jwt/Config.Debug
and logf
will be removed and be linked with iris.Application.Logger().SetLevel("debug") ? Logger().Debugf(...) : nothing
.
The jwt/Config.ErrorHandler
could be also replaced with ErrCode
linked with iris.Application.OnErrorCode
but I will just change its second input argument which is just a string
to an error
so you can switch for error types and make a specific decision based on that, the rest will let it as they are because I don't want to introduce heavy changes here.
Thank you a lot!