Node-jsonwebtoken: SyntaxError instead of JsonWebTokenError

Created on 31 Dec 2019  路  7Comments  路  Source: auth0/node-jsonwebtoken

Description

Sometime verify throws SyntaxError instread of JsonWebTokenError

Reproduction

var jwt = require("jsonwebtoken")
const malformed_token='eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c';

jwt.verify(
        malformed_token,
        'Secret',
        {
          algorithms: [ 'HS256' ],
        }
      );

Environment

Version of this library used: 8.5.1

bug

Most helpful comment

@ziluvatar 馃槗

All 7 comments

@ziluvatar reply please

The payload of that token is not well built, if you try to base64 decode you'll find that it does not contain a JSON payload, you will see something like

{"sub":"1234567890","name":"HX]MLML

@ziluvatar yes , I know, I just told that throwing SyntaxError is not good behavior, instead we must throw JsonWebTokenError

Do you have other idea?

I tagged this and another similar one as bug. I mean, you are right we should raise one of our errors.

@ziluvatar The issue a about stale , Do you have plan to fix it? and the issue tagged as a bug

@ziluvatar 馃槗

I've changed a single line returning default error to JsonWebTokenError type , see if this solves the problem #735

Was this page helpful?
0 / 5 - 0 ratings

Related issues

glowlabs picture glowlabs  路  3Comments

Teebo picture Teebo  路  4Comments

rockchalkwushock picture rockchalkwushock  路  4Comments

BarukhOr picture BarukhOr  路  4Comments

mathellsmelo picture mathellsmelo  路  3Comments