Returning boolean on token validator #272
Comments
|
Returning a boolean value would make it impossible to know what went wrong with the token verification (e.g. what check triggered the failure). The exception that is raised at least has a message describing the issue. I believe this should help while developing or debugging an app. It's probably not helpful during production, as token validation issues are typically related to a wrong configuration/setup. i.e. something like this try:
sv = AsymmetricSignatureVerifier(jwks_url)
tv = TokenVerifier(signature_verifier=sv, issuer=issuer, audience=client_id)
tv.verify(id_token)
except TokenValidationError as err:
print errI think making it return the token's payload claims (if all checks passed) is more useful than returning nothing. Since that way, if you want to consume the token contents, you don't need to decode it again. |
|
Yes, I agree. My point was it is returning None even if all checks passed. I just updated my PR. And it's open for commits by contributors. |
|
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. If you have not received a response for our team (apologies for the delay) and this is still a blocker, please reply with additional information or just a ping. Thank you for your contribution! 🙇♂️ |
Hi,
I'm using the token validator of the authentication submodule. It's raising a TokenValidationError if validation failed and returning nothing (so the method returning None by python internals) if validation success.
I'm not sure is it a good idea. If I use this method inside an if condition and assume the token is valid the condition won't work. Because it will return None which is equal to False.
In my opinion, the method should return True when a token is validated. And IMHO it should return False instead of raising an error, but it will be a breaking change. So I'm not sure is it necessary.
The text was updated successfully, but these errors were encountered: