Invalid JWT token results in 500 Internal Server Error #1329

nguilford · 2016-06-22T18:03:00Z

Submitting a poorly formatted jwt token results in a 500 Internal Server Error instead of a 401.

Kong Version: 0.8.3

Platform: CentOS on Docker (from mashape/kong:0.8.3 docker image)

Steps to reproduce:

Create a new proxy api in kong
Enable jwt for your new api
Submit a request to your proxy api with the following header "Authorization: Bearer X"

Result:
500 Internal Server Error

Expected:
401 Unauthorized or 403 Forbidden

It looks like this is known, given the TODO on line 70 of kong/plugins/jwt/handler.lua in #1247. Since it's not clear whether or not it will be addressed in that PR, I am opening this issue to track it separately.

Garethp · 2016-06-24T09:26:04Z

If PR #1333 gets merged in to #1247, this will be addressed

Tieske · 2016-07-13T17:36:50Z

fixed in #1362

subnetmarco added the area/plugins label Jun 23, 2016

Tieske self-assigned this Jul 13, 2016

Tieske added this to the 0.9 milestone Jul 13, 2016

Tieske closed this as completed Jul 13, 2016

Tieske reopened this Jul 13, 2016

Tieske closed this as completed Jul 13, 2016

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Invalid JWT token results in 500 Internal Server Error #1329

Invalid JWT token results in 500 Internal Server Error #1329

nguilford commented Jun 22, 2016

Garethp commented Jun 24, 2016

Tieske commented Jul 13, 2016

Invalid JWT token results in 500 Internal Server Error #1329

Invalid JWT token results in 500 Internal Server Error #1329

Comments

nguilford commented Jun 22, 2016

Garethp commented Jun 24, 2016

Tieske commented Jul 13, 2016