When decoding, if JWT payload is not valid it returns null #24
dschenkelman wants to merge 1 commit into auth0:master from
Hey, BTW, there's already a "safe" JSON parse: https://github.com/brianloveswords/node-jws/blob/master/lib/verify-stream.js#L14 I have the same problem so I would really like to see this PR merged.
b92fca9 to 9fcaf11
Wow, had forgotten about this PR! @hsablonniere thanks for the suggestion, updated the code. Just updated to master in case this could still get in. I know it changes behaviors compared to the old one, but it seems more consistent. Thoughts?
Hey Damian, Long time no see :-)
| function safeJsonParse(thing, encoding) { | ||
| if (isObject(thing)) | ||
| return thing; | ||
| try { return JSON.parse(thing); } |
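Review bot: the encoding parameter on function safeJsonParse(thing, encoding) is never used in the lines shown; the only call is JSON.parse(thing), and JSON.parse accepts the text plus an optional reviver, not an encoding. Drop the parameter, or decode the input with that encoding before it reaches JSON.parse, so callers are not led to think the argument has an effect. The isObject(thing) early return also hands any object back unchecked, so a short comment saying which inputs are expected to arrive already parsed would help.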
this is not supported by the JSON.parse API, see comment here: #86 (comment)
Ref: reviver in https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/JSON/parse
IMO only the if (!payload) { return null; } check should be added by this CR, encoding support is addressed in newer CR #86
I also just ran into this due to a security researcher sending malformed JSON in the base64-encoded payload. @shane-tomlinson, please consider merging this 🤗
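The failure mode discussed in this thread, as an added example that is not code from this PR or from the project: a decode step that returns null for a token whose base64url payload is not valid JSON instead of letting JSON.parse throw into the caller. The names decodeToken, decodeSegment and isPlainObject are hypothetical, the tokens are constructed, and the sketch assumes that only a JSON object counts as a valid header or payload.

```javascript
// Added example: hypothetical helper names, not the library's API.

// Parse JSON without throwing; undefined signals "not valid JSON".
function safeJsonParse(text) {
  try {
    return JSON.parse(text);
  } catch (err) {
    return undefined;
  }
}

// Decode one base64url segment to a UTF-8 string.
function decodeSegment(segment) {
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  return Buffer.from(b64, 'base64').toString('utf8');
}

// Assumption of this sketch: header and payload must be JSON objects.
function isPlainObject(value) {
  return typeof value === 'object' && value !== null && !Array.isArray(value);
}

// Returns { header, payload } or null. Does NOT verify the signature.
function decodeToken(token) {
  if (typeof token !== 'string') return null;
  const parts = token.split('.');
  if (parts.length !== 3) return null;
  const header = safeJsonParse(decodeSegment(parts[0]));
  const payload = safeJsonParse(decodeSegment(parts[1]));
  if (!isPlainObject(header) || !isPlainObject(payload)) return null;
  return { header, payload };
}

// Constructed sample tokens; the signature segment is a placeholder.
const enc = (s) => Buffer.from(s, 'utf8').toString('base64')
  .replace(/=+$/, '').replace(/\+/g, '-').replace(/\//g, '_');
const sampleHeader = enc('{"alg":"HS256","typ":"JWT"}');
const goodToken = `${sampleHeader}.${enc('{"sub":"alice"}')}.sig`;
const badToken = `${sampleHeader}.${enc('{"sub":"alice"')}.sig`; // truncated JSON

console.log(decodeToken(goodToken));
console.log(decodeToken(badToken));
```

A caller then needs a single null check on the decode result, and a malformed payload no longer surfaces as an uncaught SyntaxError.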
No description provided.