Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: throw custom error when jws protected header is not valid json #244

Merged
merged 1 commit into from
Aug 16, 2021
Merged

feat: throw custom error when jws protected header is not valid json #244

merged 1 commit into from
Aug 16, 2021

Conversation

trebler
Copy link
Contributor

@trebler trebler commented Aug 16, 2021

This PR adds additional check in JWS verification allowing for catching malformed JWS protected header. Previously, when user provided token which "appeared" like a well-formed JWS, but in reality protected header could not be JSON.parse-d, SyntaxError would be thrown. With this PR, JWSInvalid('JWS Protected Header is invalid') is thrown.

E.g., having JWT (with 1 prepended):

1eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJqb3NlLXRlc3QiLCJpYXQiOjE2MjkxMDM1NDksImV4cCI6MTY2MDcyNTk0OSwiYXVkIjoiam9zZS10ZXN0Iiwic3ViIjoiam9zZS10ZXN0In0.FWiGkd6idzmcw9JhmLuoOjtnDXhiOOF0bFuPcw4Nn8Y

Previously, when using jwtVerify:

SyntaxError: Unexpected token i in JSON at position 0

was thrown. After this PR, JWSInvalid error with message JWS Protected Header is invalid and can be handled by user.

@panva panva merged commit 1fc79aa into panva:main Aug 16, 2021
@panva
Copy link
Owner

panva commented Aug 16, 2021

@trebler thank you

@trebler trebler deleted the jws-protected-header-parsing-error branch August 16, 2021 10:45
@github-actions github-actions bot locked and limited conversation to collaborators Nov 15, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants