wp-graphql / wp-graphql-jwt-authentication

Authentication for WPGraphQL using JWT (JSON Web Tokens)


Trying to test an expired token

haromy opened this issue · comments

I'm trying to test an expired token
(testing via Postman)
After login, I wait 5 minutes so the token expires,
but I get a response like this one:

{
    "errors": [
        {
            "debugMessage": "invalid-jwt | The iss do not match with this server",
            "message": "Internal server error",
            "extensions": {
                "category": "internal"
            },
            "locations": [
                {
                    "line": 2,
                    "column": 3
                }
            ],
            "path": [
                "generalSettings"
            ]
        }
    ],
    "data": {
        "generalSettings": null
    }
}

is there anything I'm missing for setup?

@haromy are you using the token on a different URL than you are getting the token from? the iss is the issuer and is the domain that issued the token.

This error means that the domain encoded in the token by the server that issued the token doesn't match the server that's trying to decode and use the token.

Did you get a token from a staging server and use it on a production server or something along those lines?

hi @jasonbahl
I'm not using a different URL, still the same URL

and after 2 hours of checking the source code, I found the issue in this code
in source code src/Auth.php line 574

$token =  new \WP_Error( 'invalid-secret-key', $exception->getMessage() );

I'm changing it to

return new \WP_Error( 'invalid-secret-key', $exception->getMessage() );

in source code wp-graphql-jwt-authentication.php line 200

throw new \Exception( $token->get_error_code() . ' | ' . $token->get_error_message() );

I'm changing it to

throw new UserError( __( $token->get_error_message(), 'wp-graphql-jwt-authentication' ) );

I saw in the source code src/Auth.php, in the function validate_token, that when it tries to validate/decode the token and gets an exception (e.g. an expired token),
it sets $token to the WP_Error rather than returning it; that causes the processing on lines 588 to 607 to throw an error like the one I mentioned in my first message,
so it's good to move the source code on lines 588 - 607 inside the try/catch on lines 571 - 574, and in the catch just throw the exception

After changing the code as above, the response changes to

{
    "errors": [
        {
            "message": "Expired token",
            "extensions": {
                "category": "user"
            },
            "locations": [
                {
                    "line": 2,
                    "column": 3
                }
            ],
            "path": [
                "generalSettings"
            ]
        }
    ],
    "data": {
        "generalSettings": null
    }
}

I'm still trying to figure out how to change the HTTP status to 401 (Token Expired).

I'm still trying to figure out how to change the HTTP status to 401 (Token Expired).

You can set self::set_status( 401 ); before returning WP_Error
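The control-flow bug haromy describes (the exception handler stores the WP_Error in $token and execution continues into the issuer check, so an expired token surfaces as "The iss do not match with this server") and the set_status( 401 ) suggestion above are illustrated together in this added, stand-alone PHP 8 example. It is not the plugin's code: a hypothetical TokenError class stands in for WP_Error, the status is carried on that object instead of via self::set_status(), and a minimal HS256 verifier replaces Firebase\JWT so the file runs with no dependencies. The secret and tokens are constructed inside the script.

```php
<?php
// Added example, not from the wp-graphql-jwt-authentication plugin.
// Shows the corrected validate_token() flow: every decode failure returns
// its own error (with a 401 status) immediately, and the issuer check only
// runs on a successfully decoded payload.
declare(strict_types=1);

// Hypothetical stand-in for \WP_Error; the status replaces self::set_status().
final class TokenError {
    public function __construct(public string $code, public string $message, public int $status) {}
}

function b64url_encode(string $data): string {
    return rtrim(strtr(base64_encode($data), '+/', '-_'), '=');
}

function b64url_decode(string $data): string {
    return base64_decode(strtr($data, '-_', '+/'), true) ?: '';
}

// Builds a constructed sample token (HS256) for the demonstration below.
function make_token(array $payload, string $secret): string {
    $header = b64url_encode(json_encode(['alg' => 'HS256', 'typ' => 'JWT']));
    $body   = b64url_encode(json_encode($payload));
    $sig    = b64url_encode(hash_hmac('sha256', "$header.$body", $secret, true));
    return "$header.$body.$sig";
}

// Minimal verifier that throws on any failure, the way JWT::decode() does.
function decode_token(string $jwt, string $secret, int $now): array {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        throw new RuntimeException('Wrong number of segments');
    }
    [$h, $b, $s] = $parts;
    $expected = hash_hmac('sha256', "$h.$b", $secret, true);
    if (!hash_equals($expected, b64url_decode($s))) {
        throw new RuntimeException('Signature verification failed');
    }
    $payload = json_decode(b64url_decode($b), true);
    if (!is_array($payload)) {
        throw new RuntimeException('Invalid payload');
    }
    if (isset($payload['exp']) && $now >= (int) $payload['exp']) {
        throw new RuntimeException('Expired token');
    }
    return $payload;
}

// Corrected flow: return from the catch instead of assigning and falling
// through, so the "iss" comparison never runs against an error object.
function validate_token(string $jwt, string $secret, string $expected_iss, int $now): array|TokenError {
    try {
        $payload = decode_token($jwt, $secret, $now);
    } catch (RuntimeException $e) {
        return new TokenError('invalid-jwt', $e->getMessage(), 401);
    }
    if (($payload['iss'] ?? null) !== $expected_iss) {
        return new TokenError('invalid-jwt', 'The iss do not match with this server', 401);
    }
    return $payload;
}

// Constructed demonstration: one token that expired a minute ago, one still valid.
$secret  = 'constructed-example-secret-do-not-reuse';
$now     = 1_700_000_000;
$expired = make_token(['iss' => 'https://example.test', 'exp' => $now - 60], $secret);
$valid   = make_token(['iss' => 'https://example.test', 'exp' => $now + 300], $secret);

foreach ([$expired, $valid] as $jwt) {
    $result = validate_token($jwt, $secret, 'https://example.test', $now);
    echo $result instanceof TokenError
        ? "HTTP {$result->status}: {$result->code} | {$result->message}\n"
        : "OK: issued by {$result['iss']}\n";
}
```

With this structure the expired token reports "Expired token" under a 401 rather than the misleading issuer mismatch under a 200, which is also what a client needs in order to know it should discard the stored token and re-authenticate.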

Hi @haromy, is there any progress on this problem? It still returns the debug message "invalid-jwt | The iss do not match with this server" with a 200 HTTP response code.

I opened #137. Though no commits in this repo since August last year doesn't seem promising - is anyone still maintaining this plugin?

I also had this error and fixed it. The error is not from the plugin; there was a problem in my ReactJS code. I need to check and delete localStorage when the token expires.

I'm experiencing this same problem. Would love to know the status of this repo and whether it's abandoned or not.

@eavonius I've not been actively using it myself in projects, so it's been stale for sure.

I realize it's important to a lot of folks in the WPGraphQL ecosystem, so I'll try to keep it a bit better updated, but I would also encourage forks or other solutions that solve the same problem.

I would love to see other solutions from the community that don't rely on me as a bottleneck.

I've not been actively using it myself in projects, so it's been stale for sure

@jasonbahl What have you been using? :)

@grazianodev a lot of the stuff I personally work on uses WPGraphQL in the admin area of WordPress, so I use the existing logged in user cookie.

For example, how the GraphiQL IDE in the WP Admin works: https://github.com/wp-graphql/wp-graphql/blob/develop/packages/wpgraphiql/utils/fetcher.js#L11-L23