Token could not be parsed from the request

[Messhias]

Subject of the issue

Describe your issue here.

Your environment

Q	A
Bug?	yes
New Feature?	maybe
Framework	Laravel / Lumen
Framework version	8.x
Package version	current
PHP version	8.x

Steps to reproduce

Tell us how to reproduce this issue.

Expected behavior

Try to put something in the token header different from Bearer <token> and see the local.ERROR: Token could not be parsed from the request. {"exception":"[object] (JWTException(code: 0): Token could not be parsed from the request. at /jwt-auth/src/JWTGuard.php:419)

Actual behaviour

local.ERROR: Token could not be parsed from the request. {"exception":"[object] (JWTException(code: 0): Token could not be parsed from the request. at /jwt-auth/src/JWTGuard.php:419)

Propose change

I don't have an actual propose change, but this is could happen when we have a frontend environment in which the tokens is shared on the same localStorage, might be would be better we just remove the payload and return false or something instead throw an exception, or return it as a message with a response 401.

[Messhias]

@eschricker do you think is worth keeping throwing this exception, I'm the kind of guy who likes exceptions but it is on logs and just no stopping the application works but there are some exceptions it's necessary to be thrown because it destroys the rest of the exception of the application.

What do you think? Might be it's better to close this issue and keep it as it is?

[eschricker]

I was not able to reproduce the issue. When I use something other like Bearer <token> or nonsense as token, I directly get the message 'Unauthorized' from the Authenticate-middleware.

I think exceptions should not be populated to the outside. If the token could not be parsed, the check if the tokens are valid should always return false. So it would be good to catch the exception and return false.

I hope I understand the problem right :D

[leon0399]

I was not able to reproduce the issue. When I use something other like Bearer <token> or nonsense as token, I directly get the message 'Unauthorized' from the Authenticate-middleware.

I think exceptions should not be populated to the outside. If the token could not be parsed, the check if the tokens are valid should always return false. So it would be good to catch the exception and return false.

I hope I understand the problem right :D

It can be reproduced, but only when using package-provided middlewares, which are deprecated.

We need to decide:

1. Do we fix these middlewares and keep them deprecated
2. We don't change anything and just keep middlewares as-is and just close issue
3. Do something other (I, personally, can see some of the middlewares useful, e.g. I use token.refresh' for my JWT refresh route, to keep tokens short-living)

[mfn]

I see this got added to a project named "V1 Maintenance"

I've to disagree:

• I believe our current 1.* should be the most compatible one with the original fork
• any change in behaviour should target 2.*

I.e. the discussion resolves around a change in behaviour which IMHO also relate to semver and should not be changed in a minor version.