weixin_39566882
2020-12-08 23:39

Trying to test an expired token

I'm trying to test an expired token via Postman. After login, I wait 5 minutes for the token to expire, but I get a response like this one:


{
    "errors": [
        {
            "debugMessage": "invalid-jwt | The iss do not match with this server",
            "message": "Internal server error",
            "extensions": {
                "category": "internal"
            },
            "locations": [
                {
                    "line": 2,
                    "column": 3
                }
            ],
            "path": [
                "generalSettings"
            ]
        }
    ],
    "data": {
        "generalSettings": null
    }
}

Is there anything I'm missing in the setup?

This question comes from the open-source project: wp-graphql/wp-graphql-jwt-authentication


4 answers

  • weixin_39932330 5 months ago

    Are you using the token on a different URL than you are getting the token from? The iss is the issuer and is the domain that issued the token.

    This error means that the domain encoded in the token by the server that issued the token doesn't match the server that's trying to decode and use the token.

    Did you get a token from a staging server and use it on a production server or something along those lines?

  • weixin_39566882 5 months ago

    Hi,
    I'm not using a different URL, still on the same URL.

    After 2 hours of checking the source code, I found an issue with this code in src/Auth.php, line 574:

    
    $token =  new \WP_Error( 'invalid-secret-key', $exception->getMessage() );
    

    I'm changing it to

    
    return new \WP_Error( 'invalid-secret-key', $exception->getMessage() );
    

    In wp-graphql-jwt-authentication.php, line 200:

    
    throw new \Exception( $token->get_error_code() . ' | ' . $token->get_error_message() );
    

    I'm changing it to

    
    throw new UserError( __( $token->get_error_message(), 'wp-graphql-jwt-authentication' ) );
    

    I saw in src/Auth.php, in the function validate_token, that when it tries to validate and decode the token and gets an exception (e.g. expired token), it sets $token to a WP_Error rather than returning it. That's the cause: when the code on lines 588 to 607 then runs, it throws the error I mentioned in my first message. So it would be good to move lines 588 - 607 inside the try/catch on lines 571 - 574, and in the catch just throw an exception.

    After changing the code as above, the response changes to

    
    {
        "errors": [
            {
                "message": "Expired token",
                "extensions": {
                    "category": "user"
                },
                "locations": [
                    {
                        "line": 2,
                        "column": 3
                    }
                ],
                "path": [
                    "generalSettings"
                ]
            }
        ],
        "data": {
            "generalSettings": null
        }
    }
    
  • weixin_39566882 5 months ago

    I'm still trying to figure out how to change the HTTP status to 401 (Token Expired).

  • weixin_39825722 5 months ago

    I'm still trying to figure out how to change the HTTP status to 401 (Token Expired).

    You can set self::set_status( 401 ); before returning WP_Error

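The fall-through described in this thread, as an added example that is not the plugin's code or any poster's: a self-contained PHP 8 sketch with a toy HS256 decoder. ISSUER, SECRET, DemoError and every function name are hypothetical, and the shape of the issuer check is an assumption.

```php
<?php
// Added illustration, not the plugin's code; all names here are hypothetical.
const ISSUER = 'https://example.test';
const SECRET = 'constructed-demo-secret';
class DemoError { public function __construct(public string $message) {} } // stand-in for WP_Error

function b64u(string $s): string { return rtrim(strtr(base64_encode($s), '+/', '-_'), '='); }

function make_token(array $claims): string {
    $body = b64u('{"alg":"HS256","typ":"JWT"}') . '.' . b64u(json_encode($claims));
    return $body . '.' . b64u(hash_hmac('sha256', $body, SECRET, true));
}

// Minimal HS256 decoder: throws on malformed input, bad signature or expiry.
function decode_token(string $jwt): stdClass {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) { throw new Exception('Malformed token'); }
    [$h, $p, $sig] = $parts;
    if (!hash_equals(b64u(hash_hmac('sha256', "$h.$p", SECRET, true)), $sig)) {
        throw new Exception('Signature verification failed');
    }
    $claims = json_decode(base64_decode(strtr($p, '-_', '+/')));
    if (!$claims instanceof stdClass) { throw new Exception('Malformed token'); }
    if (($claims->exp ?? 0) < time()) { throw new Exception('Expired token'); } // missing exp counts as expired
    return $claims;
}

function issuer_check(object $token): string { // assumed shape of the later issuer check
    return (isset($token->iss) && $token->iss === ISSUER)
        ? 'ok' : 'invalid-jwt | The iss do not match with this server';
}

// Pattern described in the thread: catch stores the error and execution falls through.
function validate_masking(string $jwt): string {
    try { $token = decode_token($jwt); }
    catch (Exception $e) { $token = new DemoError($e->getMessage()); }
    return issuer_check($token); // runs on the error object, which has no iss
}

// Early return: the decoder's own reason reaches the caller.
function validate_early_return(string $jwt): string {
    try { $token = decode_token($jwt); }
    catch (Exception $e) { return 'invalid-secret-key | ' . $e->getMessage(); }
    return issuer_check($token);
}

$expired = make_token(['iss' => ISSUER, 'exp' => time() - 60]); // constructed sample tokens
$foreign = make_token(['iss' => 'https://staging.example.test', 'exp' => time() + 300]);
foreach ([$expired, $foreign] as $jwt) {
    echo validate_masking($jwt), ' || ', validate_early_return($jwt), PHP_EOL;
}
```

With the fall-through version, the expired token and the token from another issuer produce the same iss message, so a client or a log reviewer cannot tell an expired session from a token replayed across environments. The early-return version reports "Expired token" for the first and the iss mismatch only for the second.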
