Provide programmatic access to specific reasons for JWT invalidity

Issue #76 closed
Brian Campbell repo owner created an issue

Comments (7)

  1. Keith Gregory

    As a particular use case: token expiration should be handled differently than any other failure -- i.e., I want to attempt a refresh if the token has expired, but not if the issuer (or other claim) is incorrect. Although, in practice, if the signature is valid and we're not checking the subject, then the only thing that it could be is an expired token.

  2. Keith Gregory

    Right. I commented and voted so that you'd know people are interested in the feature.

    Optimally, I'd like to see a "silentProcess" method, and an "isValid" on the JwtClaims object. Then I could log some of the claims if it's invalid.

  3. Brian Campbell reporter

    Fair enough, interest noted. I just wanted you to be aware of the workaround approach, if you weren't already.

  4. Brian Campbell reporter
    • edited description
    • changed status to resolved

    done with 1ff420d "address issue #76 by providing programatic access to (some) specific reasons for JWT invalidity through error codes on InvalidJwtException"

    With this change, you can do things like the following:

        try
        {
            //  Validate the JWT and process it to the Claims
            JwtClaims jwtClaims = jwtConsumer.processToClaims(jwt);
            System.out.println("JWT validation succeeded! " + jwtClaims);
        }
        catch (InvalidJwtException e)
        {
            // InvalidJwtException will be thrown if the JWT failed processing or validation in any way.
            // Hopefully with meaningful explanation(s) about what went wrong.
            System.out.println("Invalid JWT! " + e);

            // Programmatic access to (some) specific reasons for JWT invalidity is also possible
            // should you want different error handling behavior for certain conditions.

            // Whether or not the JWT has expired being one common reason for invalidity
            if (e.hasExpired())
            {
                System.out.println("JWT expired at " + e.getJwtContext().getJwtClaims().getExpirationTime());
            }

            // Or maybe the audience was invalid
            if (e.hasErrorCode(ErrorCodes.AUDIENCE_INVALID))
            {
                System.out.println("JWT had wrong audience: " + e.getJwtContext().getJwtClaims().getAudience());
            }
        }
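
An added example, not part of the thread or of jose4j's own code: one way to apply the error codes above to the refresh-only-on-expiry case from the first comment, refreshing only when expiry is the sole reported error. It relies on jose4j's `getErrorDetails()` and `ErrorCodes.EXPIRED`; the class name, `decide`, `token`, and the issuer and audience values are hypothetical.

```java
import java.util.List;
import org.jose4j.jwk.*;
import org.jose4j.jws.AlgorithmIdentifiers;
import org.jose4j.jws.JsonWebSignature;
import org.jose4j.jwt.JwtClaims;
import org.jose4j.jwt.consumer.*;

public class RefreshDecision {
    enum Action { ACCEPT, REFRESH, REJECT }

    // Refresh only when expiry is the sole reported problem. e.hasExpired()
    // alone is also true for a token that is expired AND has a wrong audience.
    static Action decide(JwtConsumer consumer, String jwt) {
        try {
            consumer.processToClaims(jwt);
            return Action.ACCEPT;
        } catch (InvalidJwtException e) {
            List<ErrorCodeValidator.Error> errors = e.getErrorDetails();
            boolean onlyExpired = !errors.isEmpty() && errors.stream()
                    .allMatch(err -> err.getErrorCode() == ErrorCodes.EXPIRED);
            return onlyExpired ? Action.REFRESH : Action.REJECT;
        }
    }

    // Constructed sample token, signed with a throwaway key (hypothetical helper).
    static String token(RsaJsonWebKey key, String aud, float expMinutes) throws Exception {
        JwtClaims claims = new JwtClaims();
        claims.setIssuer("issuer.example");
        claims.setAudience(aud);
        claims.setExpirationTimeMinutesInTheFuture(expMinutes); // negative = already expired
        JsonWebSignature jws = new JsonWebSignature();
        jws.setPayload(claims.toJson());
        jws.setKey(key.getPrivateKey());
        jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.RSA_USING_SHA256);
        return jws.getCompactSerialization();
    }

    public static void main(String[] args) throws Exception {
        RsaJsonWebKey key = RsaJwkGenerator.generateJwk(2048);
        JwtConsumer consumer = new JwtConsumerBuilder()
                .setRequireExpirationTime().setExpectedIssuer("issuer.example")
                .setExpectedAudience("api.example")
                .setVerificationKey(key.getKey())
                .build();
        System.out.println(decide(consumer, token(key, "api.example", 10)));    // valid token
        System.out.println(decide(consumer, token(key, "api.example", -10)));   // expired only
        System.out.println(decide(consumer, token(key, "other.example", -10))); // expired, wrong audience
    }
}
```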
    