Nimbus JwtDecoders should differentiate token and service errors #7885

@jzheaux

In nearly all cases, NimbusJwtDecoder and NimbusReactiveJwtDecoder throw a JwtException when something goes wrong.

However, this makes it tricky to differentiate between invalid tokens and invalid application state.

One way to improve this would be to introduce a new exception that extends JwtException. Like BadCredentialsException, BadJwtException could be a good name.

Then, if the exception is BadJwtException, the application can know that it's an invalid token instead of invalid application state.
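An added sketch, not part of the original issue and not Spring Security's own code, of what the proposed split would let a caller do: reject a bad token as a client error while treating any other JwtException as a service fault. The nested exception classes are local stand-ins for the types named above; the `Decoder` interface, the sample tokens and the 401/503 mapping are assumptions for illustration.

```java
import java.util.Map;

public class JwtErrorTriage {
    // Local stand-ins for the types named in the issue (assumption: unchecked exceptions).
    static class JwtException extends RuntimeException {
        JwtException(String msg) { super(msg); }
    }
    // The proposed subclass: thrown only when the token itself is invalid.
    static class BadJwtException extends JwtException {
        BadJwtException(String msg) { super(msg); }
    }

    // Hypothetical interface standing in for a JWT decoder.
    interface Decoder { Map<String, Object> decode(String token); }

    // Constructed decoder: one input fails validation, one hits an unreachable key source.
    static final Decoder SAMPLE = token -> {
        switch (token) {
            case "expired":   throw new BadJwtException("Jwt expired");
            case "jwks-down": throw new JwtException("Could not retrieve JWK set");
            default:          return Map.of("sub", "alice");
        }
    };

    // Maps a decode outcome to the HTTP status a resource server could return.
    static int statusFor(Decoder decoder, String token) {
        try {
            decoder.decode(token);
            return 200;
        } catch (BadJwtException e) {
            // Invalid token: reject the credential; routine event for logging.
            return 401;
        } catch (JwtException e) {
            // Invalid application state: not the caller's fault; worth an operator alert.
            return 503;
        }
    }

    public static void main(String[] args) {
        for (String t : new String[] {"valid", "expired", "jwks-down"}) {
            System.out.println(t + " -> " + statusFor(SAMPLE, t));
        }
    }
}
```

The subclass catch must come first; with a single JwtException type, both failure paths would collapse into the same response and the same log signal.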

Labels

- in: oauth2 (An issue in OAuth2 modules: oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose)
- type: enhancement (A general enhancement)