Invalid JWT token in local storage will crash App / NbAuthJWTToken #517
Comments
Hey @schuettecarsten, good catch! Thanks for reporting.
My suggestion to resolve this one would be as follows:
@schuettecarsten @alain-charles does this sound like a solution to you? /cc @Tibing
I think you made an excellent analysis.
@alain-charles thanks! Agree,
This sounds absolutely great! 👍
I have begun to work on that. So we have to decide what to do. If the token is malformed, maybe it is a misconfiguration of the strategy, maybe a backend problem. What do you think?
@alain-charles yes, I completely agree. Just thinking what is the best way to do this.
if the
I verified.
@nnixaa I am getting near a satisfying solution for this issue. If you configure the token as jwt and if backend sends malformed token, you get an error in any case with a detailed message as we decided above:
if the token is well formed but invalid, and if However we are running into concurrent issue between this new
What do you think? Do we maintain this requireValidToken flag since we decided to reject malformed token and since there is this existing
@alain-charles since we never released the
Issue type
I'm submitting a ... (check one with "x")
Issue description
Current behavior:
When login response of a NbPasswordAuthStrategy returns a broken JWT token, it is stored in the local storage without validation. On the next request, the app will fail because NbAuthJWTToken cannot parse the token.
Expected behavior:
A broken token should be rejected during login.
Related code:
See the exception that occurs when token from login response is invalid:
This exception is shown in Console log when the App tries to use the broken Token, the app crashes:
Other information:
npm, node, OS, Browser
Angular, Nebular
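The behavior requested in this issue, sketched as an added example that is not part of the original thread and is not Nebular's code: a token is structurally parsed before it is written to storage, and a bad token already in storage is dropped on read instead of crashing the app. All names (`parseJwt`, `storeLoginToken`, `loadToken`, `TokenStore`) are hypothetical, and the check covers structure only, not the signature.

```typescript
// Added example: hypothetical helpers, not Nebular's API. Structural checks only;
// signature verification stays on the server.
const B64URL = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";
type Claims = { [key: string]: unknown };
interface TokenStore { // subset of the Web Storage API, so localStorage fits
  getItem(k: string): string | null;
  setItem(k: string, v: string): void;
  removeItem(k: string): void;
}

// Decode one base64url segment as a UTF-8 JSON object; throws on malformed input.
function decodeSegment(seg: string): Claims {
  let bits = 0, nbits = 0, pct = "";
  for (let i = 0; i < seg.length; i++) {
    const v = B64URL.indexOf(seg.charAt(i));
    if (v < 0) throw new Error("illegal base64url character");
    bits = ((bits << 6) | v) & 0xffff;
    nbits += 6;
    if (nbits >= 8) {
      nbits -= 8;
      pct += "%" + (0x100 | ((bits >> nbits) & 0xff)).toString(16).slice(1);
    }
  }
  // decodeURIComponent rejects invalid UTF-8, JSON.parse rejects non-JSON.
  const obj: unknown = JSON.parse(decodeURIComponent(pct));
  if (typeof obj !== "object" || obj === null || Array.isArray(obj)) throw new Error("segment is not a JSON object");
  return obj as Claims;
}

// Parse header and payload; the signature segment only has to be present.
function parseJwt(raw: unknown): { header: Claims; payload: Claims } {
  if (typeof raw !== "string") throw new Error("token is not a string");
  const parts = raw.split(".");
  if (parts.length !== 3 || parts[2] === "") throw new Error("expected header.payload.signature");
  return { header: decodeSegment(parts[0]), payload: decodeSegment(parts[1]) };
}

// Login path: validate first, so a broken token never reaches storage.
function storeLoginToken(store: TokenStore, key: string, raw: unknown): void {
  parseJwt(raw);
  store.setItem(key, raw as string);
}

// Startup path: a bad stored token is removed and treated as "not logged in".
function loadToken(store: TokenStore, key: string): Claims | null {
  const raw = store.getItem(key);
  if (raw === null) return null;
  try { return parseJwt(raw).payload; } catch { store.removeItem(key); return null; }
}
```

`storeLoginToken` throws on a malformed login response, so the caller can surface it as a failed login; `loadToken` returns `null` for a missing or unparseable stored value.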