WithConfig is not validating jwt by default settings
Describe the bug
Currently there is no ValidateOptions in the DefaultConfig, and the WithConfig function will only validate the token where there is at least one validation option. This leads to expired tokens passing through the middleware.
Is there any particular reason I missed that we don't set jwt.WithValidate(true) by default?
Lines 82 to 83 in a7763b9
To Reproduce / Expected behavior
Current: Run the server with this middleware and start a request with a valid but expired token; the middleware will accept it.
Expected: throw 401 with message=invalid or expired jwt, internal=exp not satisfied
Additional context
Thank you for the marvelous jwx project and this great example. Helped me a lot on how to use jwx with Echo.
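
The behaviour reported above, reduced to a standard-library sketch. This is an added example, not code from this repository, and it uses neither jwx nor Echo: a correctly signed but expired token passes when no validation option is configured and is rejected once an expiry check is supplied. The names Validator, NotExpired, Sign and Check are hypothetical, and the key, claims and timestamps are constructed.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

// Validator is a hypothetical stand-in for one validation option.
type Validator func(claims map[string]any, now int64) error

// NotExpired passes only when exp is present and still in the future.
func NotExpired(claims map[string]any, now int64) error {
	if exp, ok := claims["exp"].(float64); ok && now < int64(exp) {
		return nil
	}
	return fmt.Errorf("exp not satisfied")
}

// Sign builds a constructed HS256 token over a fixed header and the payload.
func Sign(key []byte, payload string) string {
	b64 := base64.RawURLEncoding
	msg := b64.EncodeToString([]byte(`{"alg":"HS256"}`)) + "." + b64.EncodeToString([]byte(payload))
	h := hmac.New(sha256.New, key)
	h.Write([]byte(msg))
	return msg + "." + b64.EncodeToString(h.Sum(nil))
}

// Check re-signs the decoded payload and compares it with the whole token in
// constant time, then runs only the validators it was given (possibly none).
func Check(token string, key []byte, now int64, vs ...Validator) error {
	body, _ := base64.RawURLEncoding.DecodeString(append(strings.Split(token, "."), "")[1])
	var claims map[string]any
	if !hmac.Equal([]byte(Sign(key, string(body))), []byte(token)) || json.Unmarshal(body, &claims) != nil {
		return fmt.Errorf("bad signature or payload")
	}
	for _, v := range vs {
		if err := v(claims, now); err != nil {
			return err
		}
	}
	return nil
}

func main() {
	key, now := []byte("constructed-key"), int64(1700003600) // one hour past exp
	tok := Sign(key, `{"sub":"alice","exp":1700000000}`)
	fmt.Println(Check(tok, key, now), "|", Check(tok, key, now, NotExpired))
}
```

Passing NotExpired on every call plays the role of a default validation option in this sketch: the expiry check then no longer depends on the caller remembering to configure one.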