Expected behavior upon JWT verification failure #735

hojoungjang · 2024-12-03T07:10:57Z

hojoungjang
Dec 3, 2024

I am not sure what should happen when the verification using jose.jwtVerify(...) fails (i.e. the given JWT is invalid).
Can you please provide some examples? Do we simply catch errors like this?

const jwtPubKey = "..."
const key = await jose.importSPKI(jwtPubKey, "RS256");
try {
  const { payload, protectedHeader } = await jose.jwtVerify(token, key);
} catch (error) {
  console.log(error);
}

For my use case, I need to determine when the verification fails.

I assume there are different scenarios for verification failures (ex. expired JWT, signature mismatch and so on).
Will catching the error cover all cases where the JWT is invalid?

Answered by panva

Dec 3, 2024

The returned promise will only resolve when everything's in order. In all other cases the promise will reject.

View full answer

panva · 2024-12-03T09:57:52Z

panva
Dec 3, 2024
Maintainer

The returned promise will only resolve when everything's in order. In all other cases the promise will reject.

1 reply

hojoungjang Dec 4, 2024
Author

Got it, thanks!

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Expected behavior upon JWT verification failure #735

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{editor}}'s edit

{{editor}}'s edit

Uh oh!

Replies: 1 comment 1 reply

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

Uh oh!

Expected behavior upon JWT verification failure #735

Uh oh!

Uh oh!

hojoungjang Dec 3, 2024

Replies: 1 comment · 1 reply

Uh oh!

panva Dec 3, 2024 Maintainer

Uh oh!

hojoungjang Dec 4, 2024 Author

hojoungjang
Dec 3, 2024

Replies: 1 comment 1 reply

panva
Dec 3, 2024
Maintainer

hojoungjang Dec 4, 2024
Author