ExpiredException throws 500 error

[btaens]

Hello, great plugin, very useful.

The plugin uses firebase JWT to authenticate based on the given token.
However, if the token is expired, firebase throws an ExpiredException, which results in a generic 500 error code.

This can make things problematic when trying to connect the backend with a client-side frontend, as RESTful apps generally check for a 401 error to know they need a new login. A 500 error can mean anything. Yes, a good client-side program can just know when it needs to throw away the token, but with RESTful APIs it is assumed it will serve a wide variety of client-side apps.

[bravo-kernel]

FWIW I remember having tested token expiration using this plugin and it responded with the correct error code (I believe it was 419) and not a 500 error. Are you sure you are testing the right way?

[btaens]

Positive. I am looking at it right now.
The client side program does make a .json extension request though.
Perhaps it handles mapped resources differently?

[ADmad]

Are you checking with debug on or off?

[ADmad]

With debug on the authenticate class throws the same exception which Jwt lib throws (for which cake most likely returns 500 status).

With debug off you will get UnauthorizedException with 401 status (if JwtAuthenticate is the last authenticate class in list provided for authenticate config of AuthComponent.

[btaens]

Yup, you're right.
Works correctly with debug off.
Is there a way around this, though? Makes testing pretty difficult.

[ADmad]

You can provide a patch to make this behavior configurable. Here's where you will need to add extra check.