nestjs/passport

Custom errors in secretOrKeyProvider

vanhumbeecka opened this issue · 4 comments

I'm submitting a...


[ ] Regression 
[ ] Bug report
[x] Feature request
[ ] Documentation issue or request
[ ] Support request => Please do not submit support request here, instead post your question on Stack Overflow.

Current behavior

I'm using @nestjs/passport together with passport-jwt.
In my situation, I'm using the secretOrKeyProvider option instead of the secretOrKey since the key needs to be fetched async. When something goes wrong in this function (and I end the call by providing an error to the callback, done(err, undefined)), the library correctly returns an UnauthorizedException.

The feature request now is:
Whatever error is returned in the done callback, the nest passport package ALWAYS returns a standard UnauthorizedException without extra information. Even when supplying more concrete info (for example, done(new ForbiddenException('test'))), this information gets lost and nest returns a standard UnauthorizedException.

It would be really helpful to be able to capture this more concrete info in this secretOrKeyProvider callback function.

Below is a code example:

```typescript
import { Injectable, UnauthorizedException, ForbiddenException } from "@nestjs/common";
import { PassportStrategy } from "@nestjs/passport";
import { ExtractJwt, Strategy as PassportJwtStrategy, StrategyOptions } from "passport-jwt";

@Injectable()
export class JwtClientCredentialStrategy extends PassportStrategy(PassportJwtStrategy) {
    constructor() {
        super({
            jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
            // Always fails with a ForbiddenException to reproduce the behavior described above
            secretOrKeyProvider: (req, rawJwt, done) => done(new ForbiddenException('test')),
            algorithms: ["RS256", "ES256"],
            passReqToCallback: true
        } as StrategyOptions);
    }

    // https://docs.nestjs.com/techniques/authentication
    async validate(request: Request, payload: any): Promise<any> {
        // ...
    }
}
```

Expected behavior

Nest correctly returns the ForbiddenException as a result.

Minimal reproduction of the problem with instructions

The code example can be used directly as a Guard for testing any route.

What is the motivation / use case for changing the behavior?

Return more specific info to the user about why the authorization has failed (instead of a simple UnauthorizedError).

Environment


 "@nestjs/passport": "^7.1.0"

 
For Tooling issues:
- Node version: v10.16.3
- Platform:  MacOS

Others:

Would you like to create a PR for this issue?

Ah actually, I believe that you should be able to accomplish this by overriding the handleRequest() method as shown here https://docs.nestjs.com/techniques/authentication#extending-guards. Inside this method, you can just throw a different error based on either "info" or "err" arguments.

Awesome! This works as expected and resolves this issue. Thank you.

> Ah actually, I believe that you should be able to accomplish this by overriding the handleRequest() method as shown here https://docs.nestjs.com/techniques/authentication#extending-guards. Inside this method, you can just throw a different error based on either "info" or "err" arguments.

The updated link for this example is here: https://docs.nestjs.com/recipes/passport#extending-guards
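
The handleRequest() override suggested in this thread, as an added example that is not code from the issue or from @nestjs/passport. It goes one step beyond the thread by passing through only exceptions on an allow-list of statuses, so unexpected key-fetch or JWT errors still collapse to a generic 401. The exception classes are local stand-ins for the @nestjs/common ones, and `EXPOSABLE_STATUSES` and `statusFor` are hypothetical names.

```typescript
// Local stand-ins for the @nestjs/common exception classes
// (assumption: lets the block run without Nest installed).
class HttpException extends Error {
  readonly status: number;
  constructor(message: string, status: number) {
    super(message);
    this.status = status;
  }
  getStatus(): number {
    return this.status;
  }
}
class UnauthorizedException extends HttpException {
  constructor(message = "Unauthorized") {
    super(message, 401);
  }
}
class ForbiddenException extends HttpException {
  constructor(message = "Forbidden") {
    super(message, 403);
  }
}

// Hypothetical allow-list: only these statuses may reach the client.
const EXPOSABLE_STATUSES = new Set<number>([401, 403]);

// Intended as the body of handleRequest(err, user, info) in a guard that
// extends AuthGuard("jwt"); a free function here so it runs stand-alone.
function handleRequest<TUser>(err: unknown, user: TUser | false | null | undefined, info: unknown): TUser {
  if (!err && user) {
    return user;
  }
  // The error given to done() may arrive as err or as info, so check both.
  for (const failure of [err, info]) {
    if (failure instanceof HttpException && EXPOSABLE_STATUSES.has(failure.getStatus())) {
      throw failure; // deliberate exception raised by the strategy
    }
  }
  // Anything else (key-fetch failures, JWT library errors, missing user)
  // becomes a generic 401 so internal details are not disclosed.
  throw new UnauthorizedException();
}

// Constructed helper: the HTTP status a request would end with.
function statusFor(err: unknown, user: unknown, info: unknown): number {
  try {
    handleRequest(err, user, info);
    return 200;
  } catch (e) {
    return e instanceof HttpException ? e.getStatus() : 500;
  }
}
```

The message of any exception that passes the allow-list is returned to the client, so it should not name key sources or internal hosts.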