trying test expired token #111

Closed
haromy opened this issue Sep 8, 2020 · 11 comments · Fixed by #137

@haromy

haromy commented Sep 8, 2020

I'm trying to test an expired token,
testing via Postman.
After login, I wait for 5 minutes to test token expiry,
but get a response like this one:

{
    "errors": [
        {
            "debugMessage": "invalid-jwt | The iss do not match with this server",
            "message": "Internal server error",
            "extensions": {
                "category": "internal"
            },
            "locations": [
                {
                    "line": 2,
                    "column": 3
                }
            ],
            "path": [
                "generalSettings"
            ]
        }
    ],
    "data": {
        "generalSettings": null
    }
}

Is there anything I'm missing in the setup?

@jasonbahl
Collaborator

@haromy are you using the token on a different URL than you are getting the token from? The iss is the issuer and is the domain that issued the token.

This error means that the domain encoded in the token by the server that issued the token doesn't match the server that's trying to decode and use the token.

Did you get a token from a staging server and use it on a production server or something along those lines?

@haromy
Author

haromy commented Sep 8, 2020

Hi @jasonbahl,
I'm not using a different URL; I'm still on the same URL.

After 2 hours of checking the source code, I found the issue in this code,
in src/Auth.php line 574:

$token =  new \WP_Error( 'invalid-secret-key', $exception->getMessage() );

I'm changing it to

return new \WP_Error( 'invalid-secret-key', $exception->getMessage() );

In wp-graphql-jwt-authentication.php line 200:

throw new \Exception( $token->get_error_code() . ' | ' . $token->get_error_message() );

I'm changing it to

throw new UserError( __( $token->get_error_message(), 'wp-graphql-jwt-authentication' ) );

I saw in src/Auth.php, in the function validate_token, that when decoding the token throws an exception (e.g. expired token),
it sets $token to a WP_Error rather than returning it. That's why the code on lines 588 to 607 then throws the error I mentioned in my first message.
So it would be good to move lines 588 - 607 inside the try/catch on lines 571 - 574, and in the catch just throw the exception.

After changing the code as above, the response changes to:

{
    "errors": [
        {
            "message": "Expired token",
            "extensions": {
                "category": "user"
            },
            "locations": [
                {
                    "line": 2,
                    "column": 3
                }
            ],
            "path": [
                "generalSettings"
            ]
        }
    ],
    "data": {
        "generalSettings": null
    }
}
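
The control-flow problem described in the comment above, reduced to a stand-alone PHP 8 sketch (an added example, not the plugin's code). `SketchError`, `decode_sketch()`, `issuer_check()` and both `validate_*` functions are hypothetical stand-ins, and the shape of the issuer check is an assumption; only the error codes and messages come from the thread.

```php
<?php
// Constructed stand-ins, not the plugin's code. SketchError plays the role of
// WP_Error; decode_sketch() plays the role of the JWT decode call.
const ISSUER = 'https://example.test'; // constructed value

final class SketchError {
    public function __construct( public string $code, public string $message ) {}
}

function decode_sketch( array $claims, int $now ): object {
    if ( $claims['exp'] <= $now ) {
        throw new Exception( 'Expired token' );
    }
    return (object) $claims;
}

function issuer_check( object $token ): object {
    // Assumed shape of the later claim checks: an error object has no iss.
    if ( ! isset( $token->iss ) || ISSUER !== $token->iss ) {
        return new SketchError( 'invalid-jwt', 'The iss do not match with this server' );
    }
    return $token;
}

// Pattern reported in the issue: the catch block only assigns the error.
function validate_fallthrough( array $claims, int $now ): object {
    try {
        $token = decode_sketch( $claims, $now );
    } catch ( Exception $e ) {
        $token = new SketchError( 'invalid-secret-key', $e->getMessage() );
    }
    return issuer_check( $token ); // runs on the error object, masking the cause
}

// Proposed change: return from the catch block so the real cause survives.
function validate_early_return( array $claims, int $now ): object {
    try {
        $token = decode_sketch( $claims, $now );
    } catch ( Exception $e ) {
        return new SketchError( 'invalid-secret-key', $e->getMessage() );
    }
    return issuer_check( $token );
}

$expired = [ 'iss' => ISSUER, 'exp' => 1000 ]; // constructed claims
foreach ( [ 'validate_fallthrough', 'validate_early_return' ] as $fn ) {
    $result = $fn( $expired, 2000 );
    echo $fn, ': ', $result->code, ' | ', $result->message, PHP_EOL;
}
```

With the expired sample claims, the fall-through version reports the issuer mismatch seen in the first response, while the early-return version reports the expiry itself.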

@haromy
Author

haromy commented Sep 8, 2020

I'm still trying to figure out how to change the HTTP status to 401 (Token Expired).

@septk

septk commented Sep 9, 2020

I'm still trying to figure out how to change the HTTP status to 401 (Token Expired).

You can set self::set_status( 401 ); before returning WP_Error

@lutaev

lutaev commented Mar 18, 2021

Hi @haromy, is there any progress on this problem? It still returns a debug message "invalid-jwt | The iss do not match with this server" with a 200 HTTP response code.

@pcraciunoiu
Contributor

I opened #137. Though no commits in this repo since August last year doesn't seem promising - is anyone still maintaining this plugin?

@hanhcode

I also had this error and fixed it. The error is not from the plugin. In my ReactJs code there is a problem. Need to check and delete localStorage when token expires.

@eavonius

I'm experiencing this same problem. Would love to know the status of this repo and if it's abandoned or not.

@jasonbahl
Collaborator

@eavonius I've not been actively using it myself in projects, so it's been stale for sure.

I realize it's important to a lot of folks in the WPGraphQL ecosystem, so I'll try to keep it a bit better updated, but I would also encourage forks or other solutions that solve the same problem.

I would love to see other solutions from the community that don't rely on me as a bottleneck.

@grazianodev

I've not been actively using it myself in projects, so it's been stale for sure

@jasonbahl What have you been using? :)

@jasonbahl
Collaborator

@grazianodev a lot of the stuff I personally work on uses WPGraphQL in the admin area of WordPress, so I use the existing logged in user cookie.

For example, how the GraphiQL IDE in the WP Admin works: https://github.com/wp-graphql/wp-graphql/blob/develop/packages/wpgraphiql/utils/fetcher.js#L11-L23
