The jwt verify action will log in console the error but I believe it should return the error as the error type will define next actions.
The action returns a payload which is null when it failed to verify, you can use that in a condition.
Yeah, I know but there are two main errors that are returned by the library: malformed/invalid jwt and expired/notbefore jwt. As they are handled exceptions they provide valuable information.
If I get a malformed jwt I will want to proceed with actions that may include security measures. If I get an expired jwt I may want to redirect the user to a “resend verification email”.
For additional context here you have my SC to handle account activation.
And this is the modified verify function to return the err object if it catches it. But better if you can implement it in the core in the way you believe it’s better as I believe it’s useful information.
exports.verify = function (options) {
const jwt = require('jsonwebtoken');
options = this.parse(options);
let payload = null;
try {
payload = jwt.verify(options.token, options.key, options);
} catch (err) {
const debug = require('debug')('server-connect:jwt');
debug('jwt verify failed: %o', err);
return { err }
}
return payload
};
JWT are very useful not only to authenticate between services but to create URL friendly tokens for account activation, password reset via one-time tokens…
To make it backwards compatible you could add it as an option with a new rule(return jwt errors) as people may have a condition on the result not being empty.
This has been fixed in Wappler 4.6
This topic was automatically closed after 47 hours. New replies are no longer allowed.