-
Notifications
You must be signed in to change notification settings - Fork 376
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Verify tokens without throwing exceptions #124
Comments
Hi @kwando, do you mean something like this? Pseudocode: exp = Time.now.to_i + 4 * 3600
exp_payload = { :data => 'data', :exp => exp }
token = JWT.encode exp_payload, hmac_secret, 'HS256'
decoded_token = JWT.decode token, hmac_secret, true, { :algorithm => 'HS256' }
if JWT.has_error?
puts JWT.get_errors # returns array of errors ['Exp is invalid', 'Algo does not match.']
end |
Not with global state like that. exp = Time.now.to_i + 4 * 3600
exp_payload = { :data => 'data', :exp => exp }
token = JWT.encode(exp_payload, hmac_secret, 'HS256')
result = JWT.decode(token, hmac_secret, true, { :algorithm => 'HS256' })
if result.errors?
puts result.errors # returns array of errors ['Exp is invalid', 'Algo does not match.']
end
result.value # returns the decoded claims |
@kwando @excpt agreed. It is never nice to use exception for flow control: http://programmers.stackexchange.com/a/189225 The main problem of doing this would be backwards compatibility. |
@fabioxgn If we're planning this one correct we introduce simply an API change / break with version 2.0. This shouldn't be a problem. |
I'm willing to invest some time into this endeavor. I think the verification API needs an overhaul too and it would be a good to look into that if we are doing a 2.0. |
what ever happened to this. It seems like flow control is still managed through exceptions. Am I missing something? |
This proposed change didn’t make it into 2.0. This is still an open issue. |
@excpt @JoeWoodward i think it would make sense to introduce a new class like DecodedToken with the interface #errors and #value. We can initialize the class at the beginning of JWT#decode method and return at the end. |
How can these exceptions be rescued? It just throws a 500 server error when they occur. |
It would be very nice to be able to verify a token without having to rescue exceptions..
The text was updated successfully, but these errors were encountered: