auth0/idtoken-verifier

getRsaVerifier occasionally throws with 'Cannot read property 'modulus' of undefined'

Closed this issue · 2 comments

First of all, sorry for the issue with semi-scarce details, but I haven't been able to replicate this successfully yet.

I am running automated browser tests with https://www.cypress.io/ and all of our steps start with logging in with auth0-lock. Occasionally (usually if the browser is not active) the GET request to .well-known.json seems to get aborted, which leads to body being null and `getRsaVerifier` throwing at `cb(null, new RSAVerifier(keyInfo.modulus, keyInfo.exp))` because `keyInfo` ends up being null.

I'd assume what happens is that the request gets aborted by superagent, but idtoken-verifier continues verifying the keyInfo regardless of it not being available.

```js
IdTokenVerifier.prototype.getRsaVerifier = function (iss, kid, cb) {
  var _this = this;
  var cachekey = iss + kid;

  if (!this.jwksCache.has(cachekey)) {
    jwks.getJWKS({
      jwksURI: this.jwksURI,
      iss: iss,
      kid: kid
    }, function (err, keyInfo) {
      if (err) {
        return cb(err);
      }
      _this.jwksCache.set(cachekey, keyInfo);
      return cb(null, new RSAVerifier(keyInfo.modulus, keyInfo.exp)); // throws Cannot read property 'modulus' of undefined
    });
  } else {
    var keyInfo = this.jwksCache.get(cachekey); // eslint-disable-line vars-on-top
    cb(null, new RSAVerifier(keyInfo.modulus, keyInfo.exp));
  }
};
```

We had this issue in a previous version because we weren't stopping the execution when an error happened. We fixed it here: #14
Are you running the latest version?

Thanks @luisrudge, missed that PR. I'll try to update and see if the issue persists.
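
As an added illustration (not part of the thread and not idtoken-verifier's own code), the following shows fail-closed handling for the situation reported above: a JWKS lookup that returns no usable key produces an error through the callback and is never written to the cache. `SafeVerifier`, `isUsableKey`, `makeFlakyFetcher` and the stub `RSAVerifier` are hypothetical names, and the issuer, kid and key values are constructed.

```javascript
// Stand-in for the library's verifier class (assumption, not the real one).
function RSAVerifier(modulus, exp) { this.modulus = modulus; this.exp = exp; }

// Constructed JWKS fetcher: the first call imitates the aborted request from
// the report (no error, no key); later calls return a constructed key.
function makeFlakyFetcher() {
  var calls = 0;
  return function getJWKS(options, cb) {
    calls += 1;
    if (calls === 1) { return cb(null, undefined); }
    return cb(null, { modulus: 'c0ffee', exp: '010001' });
  };
}

// A key is usable only if both RSA components are non-empty strings.
function isUsableKey(k) {
  return !!k && typeof k.modulus === 'string' && k.modulus.length > 0 &&
    typeof k.exp === 'string' && k.exp.length > 0;
}

function SafeVerifier(getJWKS) {
  this.getJWKS = getJWKS;
  this.jwksCache = new Map();
}

SafeVerifier.prototype.getRsaVerifier = function (iss, kid, cb) {
  var _this = this;
  var cachekey = iss + kid;
  var cached = this.jwksCache.get(cachekey);
  if (isUsableKey(cached)) {
    return cb(null, new RSAVerifier(cached.modulus, cached.exp));
  }
  return this.getJWKS({ iss: iss, kid: kid }, function (err, keyInfo) {
    if (err) { return cb(err); }
    if (!isUsableKey(keyInfo)) {
      // Fail closed: report an error and leave the cache untouched,
      // so the next login attempt fetches the key again.
      return cb(new Error('No usable signing key for kid ' + kid));
    }
    _this.jwksCache.set(cachekey, keyInfo);
    return cb(null, new RSAVerifier(keyInfo.modulus, keyInfo.exp));
  });
};

// Runs `n` lookups against one verifier and records each callback outcome.
function runLookups(verifier, n) {
  var out = [];
  for (var i = 0; i < n; i++) {
    verifier.getRsaVerifier('https://issuer.example/', 'kid-1', function (err, v) {
      out.push(err ? 'error' : v.modulus);
    });
  }
  return out;
}
```

The first lookup reports an error instead of throwing inside the callback, and the second succeeds because the empty result was not stored under the cache key.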