Requests missing the jwt do not result in 401 Unauthorized but instead in 400 Bad Request

In [jwt.go:117](https://github.com/labstack/echo-jwt/blob/580269f58c391ca5c13e9bb3237f7912b71bf977/jwt.go#L117) a custom error exists for this purpose to return [401](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Status/401)

```go
// ErrJWTMissing denotes an error raised when JWT token value could not be extracted from request
var ErrJWTMissing = echo.NewHTTPError(http.StatusUnauthorized, "missing or malformed jwt")
```

But when trying to extract the jwt instead of returning `ErrJWTMissing` another new error is created and returned with status 400.

[jwt.go.258](https://github.com/labstack/echo-jwt/blob/580269f58c391ca5c13e9bb3237f7912b71bf977/jwt.go#L258)
```go
if lastTokenErr == nil {
	return echo.NewHTTPError(http.StatusBadRequest, "missing or malformed jwt").SetInternal(err)
}
```

I think the intention is to do the following instead 
```go
if lastTokenErr == nil {
	return ErrJWTMissing.SetInternal(err)
}
```
... not sure about the .SetInternal(err) though


This behavior seems to be against the definition of 401. Or is there a reason for that?

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Requests missing the jwt do not result in 401 Unauthorized but instead in 400 Bad Request #38

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Requests missing the jwt do not result in 401 Unauthorized but instead in 400 Bad Request #38

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions