-
Notifications
You must be signed in to change notification settings - Fork 213
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Providing custom message when failed to extract token #84
Comments
I think you're looking for the Custom Callback functionality of the Passport module. |
Sure, I can go and check if the authorization header exists before triggering the passport middleware. But why don't we put it into the strategy extraction method itself? Something like: |
This is not the point of the extractor function and a violation of single responsibility pattern. The extractor function is only responsible for extracting the JWT from the request if it exists. There is no need to check the request for the authorization header before triggering passport. The decision of what to do if the JWT is missing takes places in the strategy's authenticate() method.. Right now it returns a generic error which you can then catch and handle in the custom callback register via passports Custom Callback functionality. That is where I recommend providing the custom error response. The potential improvements I see in this area are:
|
Let me know if this covers your use case. If you have a suggestion I am open to pull requests or we can create a feature request to address the need. Thanks for using the module and I appreciate any feedback!. |
Haven't heard anything in a few days. Closing for now. |
Hello. Cannot understand how to set custom error message for different errors and how can I embed JWT black list to this strategy? Thanks for answer |
@GeekEdem Sorry to sound like a broken record but handling custom error messages is explained here: http://passportjs.org/docs#custom-callback and if you want to blacklist JWTs you can put that logic into the passport.use(new JwtStrategy(opts, function(jwt_payload, done) {
if ( is_jwt_blacklisted(jwt_payload) ) {
return done(err, false);
}
else {
// jWT is not blacklisted, look up a user or
// whatever else you were planning on doing with a
// valid JWT
}
}); note that |
@themikenicholson Here is my solution, if someone need)
this method I use as middleware in express. |
@themikenicholson
If token extraction failed, the custom error is placed in the "info" parameter. Is this by design? Shouldn't it be at the "err" parameter? Update: I will continue with Issue #75 |
You can check for Error string in info to catch and provide custom messages.
|
Manteiners should add this "info" param and examples to the http://www.passportjs.org/packages/passport-jwt/ docs. I could't find the error until i read this issue. Thanks |
Are there any support for this ?
The text was updated successfully, but these errors were encountered: