handling invalid token without raising Exception

[slashmili]

What do you think of returning false when the token is invalid instead of raising ArgumentError?

jwk = %{
  "kty" => "oct",
  "k" => :base64url.encode("symmetric key")
}

{false, _, _} = JOSE.JWT.verify(jwk, "invalid")

I'm suggesting that because feels more natural and also make it much easier to use with pipes in Elixir.

[rlopzc]

@slashmili how did you manage the Argument error?

I made this, what do you think?

def from_token(token) do
    jwk_key = Application.get_env(:soranus, :ec_private_jwk).()
    try do
      case JOSE.JWK.verify(token, jwk_key) do
        {true, "User:"<> id, _} -> id
        _ -> nil
      end
    rescue ArgumentError ->
      nil
    end
  end

[slashmili]

More or less, if you look at the way that Elixir/Erlang handles "valid" errors is more like this :

iex(1)> File.read("/tmp/invalidfile")
{:error, :enoent}

So what I use is like this:

  defp verify_token(token) do
    try do
      JWT.verify(@invitation_jwk, token)
    rescue
      e -> e
    end
  end

  def validate_my_token(token) do
    with {true, %JWT{fields: data}, _} <- verify_token(token) do
      {:ok, data}
    else
      {false, jwt, jws} -> {:error, :not_verified}
      e -> {:error, e}
    end
  end

What I would like to see from this library is to return like this:

{:ok, _, _} = JWT.verify(@invitation_jwk, valid_token)
{:error, _, _} = JWT.verify(@invitation_jwk, invalid_token)

[potatosalad]

Version 1.8.0 of jose essentially just captures the thrown exceptions and returns then as an :error tuple for now.

I would like to refactor the project to return things similar to what @slashmili suggested, but the amount of refactoring required might be better suited for the next major version of the project.