You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Aug 28, 2023. It is now read-only.
the jwtVerify function expects 3 arguments (req, token, done)
the req object doesn't get passed in and as a result the token and done function get shifted left. internally in jwtVerify req is the token and token is the done callback and done is undefined
this causes the jws.decode(token) to fail when it tries to decode the token because 'token' is a function.
If i change the jwtVerify function to remove req and just do (token, done) it still fails with TypeError: Invalid hex string
TypeError: Invalid hex string
at TypeError (native)
at Buffer.write (buffer.js:594:21)
at fromString (buffer.js:113:26)
at new Buffer (buffer.js:58:12)
at Object.exports.getElement.exports.getFirstElement.exports.originalURL.exports.merge.exports.uid.exports.rsaPublicKeyPem
rsaPublicKeyPem uses new Buffer and that's where it fails when i ignore the missing req object for jwtVerify()
The text was updated successfully, but these errors were encountered:
found the problem. util._extend({}, opts, { passReqToCallback: true })
util._extend only takes 2 arguments. That means passReqToCallback: true is being dropped everytime if your own options don't set it. The default doesn't apply.
fix is to reduce util._extend() to util._extend(opts, { passReqToCallback: true }) since opts is set to the supplied options or initialized to an empty object at the top. req will then be passed properly to jwtVerify()
I'll make a PR shortly for this (I still get the invalid hex string error once this is fixed though. will investigate that next)
I'm building a single page app to use AzureAD and i'm using adal-angular client side with passport-azure-ad server side
When I try to use the BearerStrategy it fails.
the BearerStrategy wraps the original passport-http-bearer and calls it internally like this
the jwtVerify function expects 3 arguments (req, token, done)
the req object doesn't get passed in and as a result the token and done function get shifted left. internally in jwtVerify req is the token and token is the done callback and done is undefined
this causes the
jws.decode(token)
to fail when it tries to decode the token because 'token' is a function.If i change the jwtVerify function to remove req and just do (token, done) it still fails with TypeError: Invalid hex string
rsaPublicKeyPem uses new Buffer and that's where it fails when i ignore the missing req object for jwtVerify()
The text was updated successfully, but these errors were encountered: