Fix: jwt.decode does throw, check null instead

auth0 · Feb 6, 2023 · ef67256 · ef67256
1 parent 00763fa
commit ef67256
Showing 1 changed file with 3 additions and 6 deletions.
diff --git a/src/index.ts b/src/index.ts
@@ -160,12 +160,9 @@ export const expressjwt = (options: Params) => {
         }
       }
 
-      let decodedToken: jwt.Jwt;
-
-      try {
-        decodedToken = jwt.decode(token, { complete: true });
-      } catch (err) {
-        throw new UnauthorizedError('invalid_token', err);
+      const decodedToken = jwt.decode(token, { complete: true });
+      if (!decodedToken) {
+        throw new UnauthorizedError('invalid_token', { message: 'The token could not be decoded.' });
       }
 
       const key = await getVerificationKey(req, decodedToken);