Nodejs exits when trying to authorize with an expired access token #292
Comments
Hi @m-takata - thanks for raising this. I'm not too familiar with Nest.js, but I'm not sure extending the Passport strategy would be the easiest way to go. Have a look at one of our example applications, api_nestjs_typescript_hello-world, which creates an auth guard to protect APIs using
Hi @adamjmcgrath. I referred to this article. I think this article is also an official Auth0 article, but on the other hand, can the above sample and this article do the same thing? I am not familiar with Passport itself either, so I don't understand the difference.
Can you please fix this as a bug?
Fixing AuthGuard solved the problem.
before
after
Describe the problem
I'm trying to extend NestJS's PassportStrategy to incorporate jwks-rsa and protect the API with OAuth authorization.
When I made a request to an API protected by NestJS's AuthGuard with an expired access token, an unexpected exception occurred and the Node.js process exited.
What was the expected behavior?
The token is invalid, so I want AuthGuard to reject the request and respond with 403.
Reproduction
Environment
node: v16.13.2
framework: NestJS 8
dependencies of package.json
Consideration
(1) authenticate in passport-jwt's strategy.js is called from canActivate() of @nestjs/passport's AuthGuard.
https://github.com/nestjs/passport/blob/master/lib/auth.guard.ts#L56
(2) authenticate in passport-jwt's strategy.js calls the secretProvider returned by jwks-rsa's passportJwtSecret.
https://github.com/mikenicholson/passport-jwt/blob/master/lib/strategy.js#L99
(3) The secretProvider returned by jwks-rsa's passportJwtSecret invokes its callback inside the then() of the asynchronous call to client.getSigningKey().
https://github.com/auth0/node-jwks-rsa/blob/master/src/integrations/passport.js#L44
(4) The callback defined inside authenticate in passport-jwt's strategy.js runs and calls verify.js of jsonwebtoken.
(5) If the token's validity period has expired, verify.js of jsonwebtoken calls its callback with an error.
(6) The nested callback inside authenticate in passport-jwt's strategy.js runs and starts error handling.
(7) handleRequest() of @nestjs/passport's AuthGuard is called as handleRequest(null, false, ...) and throws UnauthorizedException.
(8) The exception propagates back up to (3). Because it is thrown inside then(), it propagates to the top level and the process is terminated.
https://github.com/auth0/node-jwks-rsa/blob/master/src/integrations/passport.js#L44
I think it will work correctly if the exception is properly handled at (8).
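The chain in steps (1) to (8) above, as an added example that is not part of the original issue and not code from jwks-rsa, passport-jwt, jsonwebtoken or @nestjs/passport. It is a constructed model: getSigningKey, verify, secretProvider, authenticate and handleRequest are stand-ins with the same shape as the real calls, tokens are plain objects with a kid, exp and sub (no signature is checked), and the library names in the comments are for orientation only. The secretProvider deliberately calls its callback inside then(), as step (3) describes. canActivateBuggy lets handleRequest throw straight into that callback, so the exception rejects a promise nobody holds, and Node 15 and later (default --unhandled-rejections=throw) turns that into a process exit; canActivateFixed catches the throw inside the callback and rejects the guard's own promise instead, which an HTTP layer can map to a response. runRequest installs a temporary unhandledRejection listener only so the buggy path can be observed without killing the process; UnauthorizedException carries status 401, which is what NestJS's UnauthorizedException maps to.

```javascript
// NestJS's UnauthorizedException maps to HTTP 401; this stand-in carries that status.
class UnauthorizedException extends Error {
  constructor() {
    super('Unauthorized');
    this.status = 401;
  }
}

// Stand-in for jwks-rsa's client.getSigningKey(kid): an asynchronous key lookup.
function getSigningKey(kid) {
  return new Promise((resolve) => setImmediate(resolve, { kid, publicKey: 'FAKE-PEM-FOR-' + kid }));
}

// Stand-in for jsonwebtoken.verify: only the exp claim is checked (constructed model, no signature).
function verify(token, publicKey, cb) {
  if (!publicKey) return cb(new Error('no signing key'));
  const now = Math.floor(Date.now() / 1000);
  if (token.exp <= now) return cb(new Error('jwt expired'));
  return cb(null, { sub: token.sub });
}

// Step (3): the verified callback is invoked inside then(), so anything it throws
// rejects a promise that no caller holds a reference to.
function secretProvider(token, verified) {
  getSigningKey(token.kid).then((key) => verified(null, key.publicKey));
}

// Stand-in for passport-jwt's authenticate (steps 2, 4, 5, 6): fetch key, verify,
// report the result as verified(err, user, info).
function authenticate(token, verified) {
  secretProvider(token, (err, publicKey) => {
    if (err) return verified(err);
    verify(token, publicKey, (verifyErr, payload) => {
      if (verifyErr) return verified(null, false, verifyErr);
      return verified(null, payload);
    });
  });
}

// Step (7): handleRequest throws when there is no user.
function handleRequest(err, user) {
  if (err || !user) throw new UnauthorizedException();
  return user;
}

// Buggy guard: handleRequest is called bare inside the library callback, so its
// exception travels back down the callback stack into secretProvider's then() (step 8).
function canActivateBuggy(token) {
  return new Promise((resolve) => {
    authenticate(token, (err, user) => resolve(handleRequest(err, user)));
  });
}

// Fixed guard: the throw is caught inside the callback and becomes a rejection of
// the guard's own promise, which never reaches the library's promise chain.
function canActivateFixed(token) {
  return new Promise((resolve, reject) => {
    authenticate(token, (err, user) => {
      try {
        resolve(handleRequest(err, user));
      } catch (e) {
        reject(e);
      }
    });
  });
}

// Run one request through a guard and report how it ended. The temporary
// unhandledRejection listener only makes the buggy path observable; without it,
// Node 15+ raises the rejection as an uncaught exception and exits, as in the
// report. The listener is process-wide, so calls must not overlap.
function runRequest(canActivate, token) {
  return new Promise((resolve) => {
    const cleanup = () => process.removeListener('unhandledRejection', onUnhandled);
    const onUnhandled = (reason) => {
      cleanup();
      resolve({ outcome: 'unhandled', error: reason.message });
    };
    process.on('unhandledRejection', onUnhandled);
    canActivate(token).then(
      (user) => { cleanup(); resolve({ outcome: 'ok', user }); },
      (e) => { cleanup(); resolve({ outcome: 'rejected', status: e.status }); },
    );
  });
}

// Runs the three scenarios one after another and returns their outcomes.
async function demo() {
  const now = Math.floor(Date.now() / 1000);
  const expired = { kid: 'k1', exp: now - 60, sub: 'alice' };   // constructed expired token
  const valid = { kid: 'k1', exp: now + 3600, sub: 'alice' };   // constructed valid token
  return {
    buggyExpired: await runRequest(canActivateBuggy, expired),
    fixedExpired: await runRequest(canActivateFixed, expired),
    fixedValid: await runRequest(canActivateFixed, valid),
  };
}
```

Calling demo() returns 'unhandled' with the message 'Unauthorized' for the buggy guard on an expired token, 'rejected' with status 401 for the fixed guard on the same token, and 'ok' with the decoded user for a valid token. The point of the fixed variant is that a callback handed to an asynchronous library must never throw synchronously; whatever the guard wants to signal has to travel on the guard's own promise (or the framework's error path), because an exception thrown inside someone else's then() has no handler and, on current Node, ends the process.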