Consider more precise exception declarations for JwtConsumer claim processing
Currently the JwtConsumer.processToClaims method throws InvalidJwtException for any failure to validate a token. It would be useful if there was a clear distinction between an exception thrown due to the JwtConsumer being unable to read the token (e.g., unresolvable key) vs. an exception thrown when the token is successfully processed but is not valid (e.g., token has expired).
In some cases the cause field is populated with a root exception cause, however this doesn't appear to be consistently done.
I have a situation where there may be several active JwtConsumers (due to accepting tokens from a variety of sources) and would like to be able to know whether it's necessary to try the next consumer after one consumer fails to validate a token.
Comments (3)
repo owner -
repo owner The two pass consumption approach might also be helpful in accepting tokens from a variety of sources: https://bitbucket.org/b_c/jose4j/wiki/JWT%20Examples#markdown-header-two-pass-jwt-consumption
repo owner - changed status to duplicate
Duplicate of #76.
v0.6.0 introduced a way to achieve similar functionality with error codes on InvalidJwtException rather than different exception types. The issue was #76 for providing programmatic access to (some) specific reasons for JWT invalidity through error codes on InvalidJwtException. The error codes can be found at http://static.javadoc.io/org.bitbucket.b_c/jose4j/0.6.0/org/jose4j/jwt/consumer/ErrorCodes.html
And the consumer part of the first example of https://bitbucket.org/b_c/jose4j/wiki/JWT%20Examples shows how the error codes might be used.
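A sketch of how the error codes could drive the "try the next consumer" decision from the original report. This is an added example, not code from the jose4j project or its wiki; the class name `MultiSourceJwtValidator` and the policy of which codes end the search are assumptions.

```java
import java.util.List;
import org.jose4j.jwt.JwtClaims;
import org.jose4j.jwt.consumer.ErrorCodes;
import org.jose4j.jwt.consumer.InvalidJwtException;
import org.jose4j.jwt.consumer.JwtConsumer;

/** Hypothetical helper (not part of jose4j): tries each configured consumer in turn. */
public final class MultiSourceJwtValidator {
    // Assumed policy: a time-validity failure is treated as a verdict on the
    // token itself, so no further consumer is tried once one reports it.
    private static final int[] DEFINITIVE = { ErrorCodes.EXPIRED, ErrorCodes.NOT_YET_VALID };

    private final List<JwtConsumer> consumers;

    public MultiSourceJwtValidator(List<JwtConsumer> consumers) {
        this.consumers = List.copyOf(consumers);
    }

    /** Returns the claims from the first consumer that accepts the token. */
    public JwtClaims validate(String jwt) throws InvalidJwtException {
        InvalidJwtException last = null;
        for (JwtConsumer consumer : consumers) {
            try {
                // Each consumer still runs its full validation; falling through
                // to the next one never skips a check.
                return consumer.processToClaims(jwt);
            } catch (InvalidJwtException e) {
                if (hasAny(e, DEFINITIVE)) {
                    throw e; // processed, but expired or not yet valid: stop here
                }
                last = e;    // e.g. wrong key, issuer or audience: try the next source
            }
        }
        if (last == null) {
            throw new IllegalStateException("no JwtConsumer configured");
        }
        throw last; // every consumer rejected the token
    }

    private static boolean hasAny(InvalidJwtException e, int[] codes) {
        for (int code : codes) {
            if (e.hasErrorCode(code)) {
                return true;
            }
        }
        return false;
    }
}
```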