Expired JWT is treated as anonymous user (rather than returning an error)

Created on 15 November 2021, over 3 years ago

Updated 26 February 2023, about 2 years ago

When making a request using an expired JWT, it looks like it is treated as an anonymous user, rather than sending back an error.

Is that the intended behaviour?

It seems it would be better to return an error (that's what is usually recommended with JWT implementation)

💬 Support request

Status

Postponed: needs info

Component

Documentation

Created by

🇨🇦Canada hubert_r2

Live updates comments and jobs are added and updated live.

Incomplete comments

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

Comment about 2 years ago →
🇺🇸United States pwolanin
please address my questions about use cases
Status changed to Closed: cannot reproduce 2 months ago3:00am 13 February 2025
Comment 2 months ago →
🇺🇸United States pwolanin

Production build 0.71.5 2024