BadJWTException contains no programmatically distinguishable qualities
Some of the error messages supplied to BadJWTException don't suit our use cases, and we'd like to replace them (wrap in our own exception with our own message).
The problem is that we cannot distinguish between BadJWTExceptions since there is no hierarchy of exceptions or distinguishable state, like an error code.
What would you think of one of the two solutions (or what would you otherwise recommend):
- Adding an enum error code parameter to BadJWTException (or BadJOSEException):
    catch ( BadJWTException e ) {
        if ( e.getCode() == JWTErrorCode.IS_EXPIRED ) {
            // ... etc.
        } else if ( ... ) {
            // ...
        }
    }
- Exposing the constant exceptions listed in BadJWTExceptions, say:
    catch ( BadJWTException e ) {
        if ( BadJWTExceptions.isExpired(e) ) {
            // ... etc.
        } else if ( ... ) {
            // ...
        }
    }
Comments (7)
-
Hi Josh,
The error code appears to be the optimal solution.
The is... is problematic, because with that the processor will need to create a complete picture of the JWT's faults, and at present it throws the exception as soon as it detects a problem.
Which error codes / conditions matter to you?
The rest can fall into a general error code.
-
reporter
Hi Vladimir,
Sorry for my delayed reply.
Those that are most important are:
- Expired Jwt
- "Too Early" Jwt (before "nbf")
- Unsigned Jwt
- Malformed Jwt
- Signature Verification Failed
Some less important ones are:
- Missing a required field
- Signature Verification Failed because there was no matching key
- Signature Verification Failed because the algorithm is not supported
- Signature Verification Failed because there was some problem with the remote Jwk endpoint (e.g. timeout, malformed response)
- (i.e. distinguish signature verification failures)
-
Thanks Josh for the input.
I was thinking of introducing an enum to represent the error codes. Not sure how to approach this refinement with "signature verification failed due to x" with an enum though.
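
One way to express the "signature verification failed due to x" refinement with an enum, added here as a sketch that is not part of the thread or the library's own code: each code points at the coarser code it specialises. `JwtErrorCode`, `CodedJwtException`, `is()` and `clientMessage()` are hypothetical names chosen for this example.

```java
public class JwtErrorCodeSketch {

    // Hypothetical codes; each refinement names the coarser code it specialises.
    enum JwtErrorCode {
        GENERAL(null),
        EXPIRED(GENERAL),
        NOT_YET_VALID(GENERAL),                 // before "nbf"
        UNSIGNED(GENERAL),
        MALFORMED(GENERAL),
        MISSING_REQUIRED_CLAIM(GENERAL),
        SIGNATURE_INVALID(GENERAL),
        SIGNATURE_NO_MATCHING_KEY(SIGNATURE_INVALID),
        SIGNATURE_ALG_UNSUPPORTED(SIGNATURE_INVALID),
        SIGNATURE_JWK_SOURCE_FAILED(SIGNATURE_INVALID);

        private final JwtErrorCode parent;
        JwtErrorCode(JwtErrorCode parent) { this.parent = parent; }

        // True if this code is `other` or a refinement of it.
        boolean is(JwtErrorCode other) {
            for (JwtErrorCode c = this; c != null; c = c.parent) {
                if (c == other) return true;
            }
            return false;
        }
    }

    // Stand-in for an exception that carries a code (not the library's class).
    static class CodedJwtException extends Exception {
        private final JwtErrorCode code;
        CodedJwtException(JwtErrorCode code, String message) { super(message); this.code = code; }
        JwtErrorCode getCode() { return code; }
    }

    // Caller-side mapping to its own messages; all signature refinements share one text.
    static String clientMessage(CodedJwtException e) {
        JwtErrorCode code = e.getCode();
        if (code == JwtErrorCode.EXPIRED) return "Token expired";
        if (code == JwtErrorCode.NOT_YET_VALID) return "Token not yet valid";
        if (code.is(JwtErrorCode.SIGNATURE_INVALID)) return "Token signature rejected";
        return "Token rejected";
    }

    public static void main(String[] args) {
        CodedJwtException e = new CodedJwtException(
                JwtErrorCode.SIGNATURE_JWK_SOURCE_FAILED, "JWK set retrieval timed out");
        System.out.println(e.getCode() + " -> " + clientMessage(e));
    }
}
```

A caller that only cares about the coarse condition tests `is(SIGNATURE_INVALID)`, while one that needs to separate a JWK endpoint outage from a bad signature compares against the specific code.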