Default token_payload doesn't return a random hex value #32

nbibler · 2019-07-18T14:34:43Z

The README indicates that if the token_payload is left unset, then it:

Defaults to a randomly generated token in a hash: { token: "RANDOM-TOKEN" }

However, that is not this library's current behavior.

The following is what is actually generated if you fail to set a token_payload:

{
  "token": "#<Method: SecureRandom.hex>"
}

The token payload's default value does not appear to be getting called (the hex method reference is simply being converted to a string) and no random hash is generated:

doorkeeper-jwt/lib/doorkeeper/jwt/config.rb

Lines 112 to 115 in 25223d6

    
           option( 
        
             :token_payload, 
        
             default: proc { { token: SecureRandom.method(:hex) } } 
        
           )

The text was updated successfully, but these errors were encountered:

ransombriggs · 2024-07-02T16:56:54Z

I can confirm this, I started with an empty config and noticed this as well when testing.

ransombriggs · 2024-07-12T17:04:36Z

I pushed up a fix for this issue: #56

nbibler · 2024-08-08T12:57:12Z

Thank you, @ransombriggs!

ransombriggs mentioned this issue Jul 12, 2024

Fix default token generation #56

Merged

nbulaj closed this as completed in #56 Aug 8, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Default token_payload doesn't return a random hex value #32

Default token_payload doesn't return a random hex value #32

nbibler commented Jul 18, 2019

ransombriggs commented Jul 2, 2024

ransombriggs commented Jul 12, 2024

nbibler commented Aug 8, 2024

Default token_payload doesn't return a random hex value #32

Default token_payload doesn't return a random hex value #32

Comments

nbibler commented Jul 18, 2019

ransombriggs commented Jul 2, 2024

ransombriggs commented Jul 12, 2024

nbibler commented Aug 8, 2024