Expired token raising wrong exception about jwt-auth HOT 9 CLOSED

Hi Felix,

This is indeed an issue with the package. The reason your seeing this behaviour is because the firebase provider, which does the heavy lifting of encoding and decoding the tokens, was throwing an UnexpectedValueException (because the token had expired) which was being caught before a TokenExpiredException could be thrown. As a result a TokenInvalidException is actually thrown with the message "Expired Token", (as you experienced).

I believe this is now fixed and I have released version 0.3.9 to address this. Please let me know if this fixes your issue.

Thanks!

from jwt-auth.

Hi,

I've updated and now getting an error that $payload isn't defined when using an expired token.

Looking at the firebase provider its correctly skipping the general JWTException but there's then no $payload defined. I tried just repeating the $payload = (array) Firebase::decode() from the 'try' after the if statement but got an unexpected value error so not sure what to do to fix that.

from jwt-auth.

I've The same issue, I've tried to bypass the $payload but I get the exception from the toUser() method, it seems that the Expire Exception not fired,

my code

$user = \JWTAuth::parseToken()->toUser();

the error report

file: "/home/migaber/public_html/dandin-system/api-laravel/vendor/tymon/jwt-auth/src/Tymon/JWTAuth/Providers/AbstractProvider.php"
line: 105
message: "A token is required"
type: "Tymon\JWTAuth\Exceptions\JWTException"

my Edit on decode method

public function decode($token){
    $this->createToken($token);
    try {
        $payload = (array) Firebase::decode($this->token, $this->secret);
    } catch (Exception $e) {
        // ignore firebase's expired exception because we will throw our own later
        if ($e->getMessage() !== 'Expired Token') {
            throw new JWTException('Could not decode token: ' . $e->getMessage());
        } else {
            return false;
       }
   }
       return $this->createPayload($payload);
   }

from jwt-auth.

Sorry about that guys.. should be fixed now. (0.3.10)

The firebase provider obviously doesn't return the payload if an expired exception is thrown, and that's where it went wrong. doh!

I will try and come up with a better solution to this, as I complete the refactor over on develop

from jwt-auth.

Hi,

That (almost) works for me. The correct exception is thrown but I had to add a use statement for theTokenExpiredException exception in FirebaseProvider.php (well my IDE told me to at any rate),

i.e.

use Tymon\JWTAuth\Exceptions\TokenExpiredException;

As an aside i'm told these two references aren't needed:

use Tymon\JWTAuth\Providers\AbstractProvider;
use Tymon\JWTAuth\Providers\ProviderInterface;

from jwt-auth.

yes, you are right, don't know what was going on in my head this weekend! 😣

I think I'll be using php storm from now on!

0.3.11 tagged

from jwt-auth.

Solved from my side too,
but I think you missed the Event Listener Event::listen('tymon.jwt.expired') ??

from jwt-auth.

@migaber good point, i'll edit the release a little later for that.

Tbh I'm not overly fond of having those two places that handle token expiry.. I will have a think on a better solution for this

from jwt-auth.

0.3.11 works for me (I don't use the events so I didn't think about that).

from jwt-auth.