Verify tokens without throwing exceptions #124
Comments
Hi @kwando, do you mean something like this? Pseudocode:

```ruby
exp = Time.now.to_i + 4 * 3600
exp_payload = { :data => 'data', :exp => exp }
token = JWT.encode exp_payload, hmac_secret, 'HS256'
decoded_token = JWT.decode token, hmac_secret, true, { :algorithm => 'HS256' }
if JWT.has_error?
  puts JWT.get_errors # returns array of errors ['Exp is invalid', 'Algo does not match.']
end
```

Not with global state like that.

```ruby
exp = Time.now.to_i + 4 * 3600
exp_payload = { :data => 'data', :exp => exp }
token = JWT.encode(exp_payload, hmac_secret, 'HS256')
result = JWT.decode(token, hmac_secret, true, { :algorithm => 'HS256' })
if result.errors?
  puts result.errors # returns array of errors ['Exp is invalid', 'Algo does not match.']
end
result.value # returns the decoded claims
```

@kwando @excpt agreed. It is never nice to use exceptions for flow control: http://programmers.stackexchange.com/a/189225 The main problem of doing this would be backwards compatibility.

@fabioxgn If we plan this one correctly, we simply introduce an API change / break with version 2.0. This shouldn't be a problem.

I'm willing to invest some time into this endeavor. I think the verification API needs an overhaul too and it would be good to look into that if we are doing a 2.0.

Whatever happened to this? It seems like flow control is still managed through exceptions. Am I missing something?

This proposed change didn’t make it into 2.0. This is still an open issue.

@excpt @JoeWoodward I think it would make sense to introduce a new class like DecodedToken with the interface #errors and #value. We can initialize the class at the beginning of the JWT#decode method and return it at the end.

How can these exceptions be rescued? It just throws a 500 server error when they occur.

It would be very nice to be able to verify a token without having to rescue exceptions..
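
The result-object interface proposed in this thread (`#errors`, `#errors?`, `#value`), written out as an added example that is not ruby-jwt code and not from any participant. `verify_hs256`, `sign_hs256`, `b64url` and `secure_equal?` are hypothetical helpers that handle HS256 only with OpenSSL directly; the `'Signature is invalid'` and `'Malformed token'` strings are constructed, the other two come from the pseudocode above.

```ruby
require 'openssl'
require 'base64'
require 'json'

# Result object with the #errors / #value interface proposed in the thread.
DecodedToken = Struct.new(:value, :errors) do
  def errors?
    !errors.empty?
  end
end

# Constant-time comparison so the signature check does not leak timing.
def secure_equal?(a, b)
  a.bytesize == b.bytesize &&
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

def b64url(data)
  Base64.urlsafe_encode64(data, padding: false)
end

# Hypothetical helper standing in for JWT.encode, used to build sample tokens.
def sign_hs256(claims, secret, alg: 'HS256')
  input = [{ alg: alg, typ: 'JWT' }, claims].map { |p| b64url(JSON.generate(p)) }.join('.')
  "#{input}.#{b64url(OpenSSL::HMAC.digest('SHA256', secret, input))}"
end

# Hypothetical verifier: never raises, collects every failed check instead.
def verify_hs256(token, secret, now: Time.now.to_i)
  token = token.to_s
  return DecodedToken.new(nil, ['Malformed token']) unless token.count('.') == 2

  head64, body64, sig64 = token.split('.', -1)
  header = JSON.parse(Base64.urlsafe_decode64(head64))
  claims = JSON.parse(Base64.urlsafe_decode64(body64))
  return DecodedToken.new(nil, ['Malformed token']) unless header.is_a?(Hash) && claims.is_a?(Hash)

  expected = b64url(OpenSSL::HMAC.digest('SHA256', secret, "#{head64}.#{body64}"))
  errors = []
  errors << 'Algo does not match.' unless header['alg'] == 'HS256' # pinned, so 'none' is rejected
  errors << 'Signature is invalid' unless secure_equal?(expected, sig64)
  errors << 'Exp is invalid' if claims.key?('exp') && claims['exp'].to_i <= now
  # Claims are exposed only when every check passed.
  DecodedToken.new(errors.empty? ? claims : nil, errors)
rescue JSON::ParserError, ArgumentError
  DecodedToken.new(nil, ['Malformed token'])
end
```

A caller branches on `result.errors?` and can answer with a 401 instead of letting an unrescued exception surface as a 500; `result.value` stays `nil` for any token that failed a check.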