Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Can't pass jsonwebtoken.verify options #29

Closed
Think7 opened this issue Apr 13, 2015 · 9 comments
Closed

Can't pass jsonwebtoken.verify options #29

Think7 opened this issue Apr 13, 2015 · 9 comments
Labels

Comments

@Think7
Copy link

Think7 commented Apr 13, 2015

Currently, users of this package cannot pass in verify options for the jsonwebtokens module as shown here:
https://www.npmjs.com/package/jsonwebtoken#jwt-verify-token-secretorpublickey-options-callback

I have resolved this issue but am unfamiliar with source control and how to make a pull request.
The modified index.js for can be found here: http://pastebin.com/kibMGb11

Users now need only to pass in a verifyOptions object in the options object for the module.
Example:

    server.auth.strategy('jwt', 'jwt', true,
        {
            key: secret,
            validateFunc: validate,
            verifyOptions: {
                ignoreExpiration: true
            }
        }
    );

I also exported the JWT.sign method so now users of the package do not need to have specific requires for it in their project.

@nelsonic
Copy link
Member

@Think7 Do you have control over creating the JWT? you could simple not set the expiration in the first place if you're just going to ignore it...

@Think7
Copy link
Author

Think7 commented Apr 13, 2015

Agreed however i ran into an issue:

If client makes a request for a JWT with an expiry time of 10 mins, after the expiry time, server is going to 401 them. I need to allow users to send a potentially expired token and then check to see if they are allowed to renew their session (send them another JWT) without sending credentials over the wire a second+ time.

There are also other options other than expire in the verify options object.

@nelsonic
Copy link
Member

Ok. I don't have time to add it today. If you have time to add the code+tests and submit a pull request, please do. otherwise I will try and get to this tomorrow. 👍

@nelsonic
Copy link
Member

jsonwebtoken not very clear on what these options do: https://github.com/auth0/node-jsonwebtoken#jwtverifytoken-secretorpublickey-options-callback

@Think7
Copy link
Author

Think7 commented Apr 13, 2015

Each option is a bool which tells jwt to ignore the thing is it's mismatching.

For example you can have it ignore tokens where the issuer is different. Forgot where i read this.

@nelsonic
Copy link
Member

@Think7 done. Grab the latest version from NPM and use how you you would expect (in the code you wrote above). thanks for letting us know you needed it and please let us know if you require anything else! 👍

@Think7
Copy link
Author

Think7 commented Apr 13, 2015

Thanks you for adding it!

It looks like you removed my forwarding of the JTW's .sign() method. Was this intentional?

Also when you have time, pretend that you are a new user coming to this package. Follow the instructions on the main page, you'll see that you get compilation errors if you follow things exactly as shown.

@nelsonic
Copy link
Member

😧 @Think7 Please create that last message as a new issue and I will get on it immediately.
Thanks again for the feedback!

@nelsonic
Copy link
Member

@Think7 we have _updated_ the readme and _simplified_ the example usage code. please review and confirm its more beginner-friendly. if you spot anything please create an issue so we can make it the best it can be! thanks again for your feedback/input! 👍

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

2 participants