Prerequisites
Describe the issue
Reporting a potential bug.
When a JWT token expires, jwtVerify middleware responds with status code 403. Here's a link to that line of source code for reference.
This appears to be contrary to RFC 6750 section 3.1 which states:
invalid_token
    The access token provided is expired, revoked, malformed, or invalid for other reasons. The resource SHOULD respond with the HTTP 401 (Unauthorized) status code. The client MAY request a new access token and retry the protected resource request.
We plan to patch jwtVerify to follow the standard.
We can also submit a PR if that helps? At this point, I imagine that many companies have written code to expect the 403 response, so the PR may be more than a 1-line change.
Library URL
https://github.com/kinde-oss/kinde-node-express
Library version
1.6.0
Operating system(s)
Other Linux
Operating system version(s)
Amazon Linux 2023.6.20241010.0
Further environment details
No response
Reproducible test case URL
No response
Additional information
No response