WithConfig is not validating jwt by default settings #1

Open
@kunKun-tx

Describe the bug

Currently there are no ValidateOptions in the DefaultConfig, and the WithConfig function will only validate the token when there is at least one validation option. This leads to expired tokens passing through the middleware.

Is there any particular reason I missed that we don't set jwt.WithValidate(true) by default?

    // Validation is only switched on when at least one option is configured.
    if len(config.ValidateOptions) > 0 {
        options = append(options, jwt.WithValidate(true))
    }

To Reproduce / Expected behavior
Current: Run the server with this middleware and start a request with a valid but expired token; the middleware will accept it.

Expected: throw 401 with message=invalid or expired jwt, internal=exp not satisfied

Additional context
Thank you for the marvelous jwx project and this great example. It helped me a lot with how to use jwx with Echo.
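
The behaviour reported above, as an added example that is not part of the original issue and is not code from jwx or from the middleware: a standard-library HS256 stand-in in which the signature is always verified but `exp` is checked only under the quoted condition. `Config`, `Sign`, `Parse`, `key` and the `always` flag are hypothetical names, and the key and tokens are constructed for the demo.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

var key = []byte("constructed-demo-key") // constructed demo secret (assumption)
var enc = base64.RawURLEncoding          // unpadded base64url, as JWTs use

// Config is a hypothetical stand-in; ValidateOptions is empty by default, as reported.
type Config struct{ ValidateOptions []string }

func mac(msg string) string {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(msg))
	return enc.EncodeToString(m.Sum(nil))
}

func Sign(exp time.Time) string { // builds a constructed HS256 token expiring at exp
	body := enc.EncodeToString([]byte(`{"alg":"HS256"}`)) + "." + enc.EncodeToString([]byte(fmt.Sprintf(`{"exp":%d}`, exp.Unix())))
	return body + "." + mac(body)
}

// Parse always verifies the signature; exp is checked only if always or options exist.
func Parse(c Config, tok string, now time.Time, always bool) error {
	p := strings.Split(tok, ".")
	if len(p) != 3 || !hmac.Equal([]byte(p[2]), []byte(mac(p[0]+"."+p[1]))) {
		return fmt.Errorf("bad signature")
	}
	var claims struct{ Exp int64 `json:"exp"` }
	if raw, err := enc.DecodeString(p[1]); err != nil || json.Unmarshal(raw, &claims) != nil {
		return fmt.Errorf("bad payload")
	}
	if (always || len(c.ValidateOptions) > 0) && !now.Before(time.Unix(claims.Exp, 0)) {
		return fmt.Errorf("exp not satisfied")
	}
	return nil
}

func main() {
	tok, now := Sign(time.Now().Add(-time.Hour)), time.Now()
	fmt.Println(Parse(Config{}, tok, now, false), "|", Parse(Config{}, tok, now, true))
}
```

With an empty `ValidateOptions`, the expired token is rejected only when `always` is true, which is the validate-by-default behaviour the issue asks about.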
