Missing cookie causes CookieTokenExtractor to return error

Question

Missing cookie causes CookieTokenExtractor to return error

simonrobb opened this issue 2 years ago · 7 comments

Describe the problem

I'm using the CookieTokenExtractor and when the named cookie is not present in the request, the following error is returned: error extracting token: http: named cookie not present.

The Cookie method on http.Request returns a ErrNoCookie error when the cookie doesn't exist, and that result is being directly returned by the extractor code.

What was the expected behavior?

I would expect that when the named cookie isn't present, the extractor returns no error (and an empty token). This would put its behaviour in line with the AuthHeaderTokenExtractor.

Reproduction

Use the CookieTokenExtractor, and don't pass a cookie with the provided name.
Check the error returned to the errorHandler.

Environment

go-jwt-middleware v2.0.1

Answer 1 · 2022-10-06T05:05:22.000Z

Suggested fix in this commit: 451a802

Answer 2 · 2022-10-21T06:09:06.000Z

Any comment on this proposal?

This comment in middleware.go further suggests this is not the expected behavior: https://github.com/auth0/go-jwt-middleware/blob/master/middleware.go#L61.

Answer 3 · 2022-10-26T08:13:58.000Z

Hey @simonrobb 👋🏻 apologies for the delay in getting back to you. I'll have some time to take a look at this next week.

Answer 4 · 2022-10-27T16:17:30.000Z

Hey @simonrobb I was able to fix this in #172 and it will be available in the next release. Before cutting it, I wanna tackle a few more issues and improvements, so stay tuned!

Thanks again for raising this!

I'll close this down once we make the release.

Answer 5 · 2022-10-28T04:30:41.000Z

Thanks @sergiught, that's great to hear!

Answer 6 · 2022-11-02T13:14:11.000Z

Hey @simonrobb 👋🏻 this is now available within https://github.com/auth0/go-jwt-middleware/releases/tag/v2.1.0. Thanks for your patience!

Answer 7 · 2022-11-03T05:26:23.000Z

Great work @sergiught, thank you!