You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently there is no ValidateOptions in the DefaultConfig, and the WithConfig function will only validate the token where there is at least one validation option. This leads to expired token passing through the middleware.
Is there any particular reason I missed that we don't set jwt.WithValidate(true) by default?
To Reproduce / Expected behavior Current: Run the server with this middleware and start a request with a valid but expired token, the middleware will accept it.
Expected: throw 401 with message=invalid or expired jwt, internal=exp not satisfied"
Additional context
Thank you for the marvelous jwx project and this great example. Helped me a lot on how to use jwx with Echo.
The text was updated successfully, but these errors were encountered:
Describe the bug
Currently there is no
ValidateOptionsin theDefaultConfig, and theWithConfigfunction will only validate the token where there is at least one validation option. This leads to expired token passing through the middleware.Is there any particular reason I missed that we don't set
jwt.WithValidate(true)by default?echo-middleware-jwx/jwx.go
Lines 82 to 83 in a7763b9
To Reproduce / Expected behavior
Current: Run the server with this middleware and start a request with a valid but expired token, the middleware will accept it.
Expected: throw 401 with
message=invalid or expired jwt, internal=exp not satisfied"Additional context
Thank you for the marvelous jwx project and this great example. Helped me a lot on how to use jwx with Echo.
The text was updated successfully, but these errors were encountered: