8

During the initial handshake where a token and username are passed, I am catching this strange error--

    { handle: 10,
      type: 'error',
      className: 'Error',
      constructorFunction: { ref: 11 },
      protoObject: { ref: 12 },
      prototypeObject: { ref: 3 },
      properties: 
      [ { name: 'stack',
          attributes: 2,
          propertyType: 3,
          ref: 3 },
        { name: 'arguments',
          attributes: 2,
          propertyType: 1,
          ref: 3 },
        { name: 'type',
          attributes: 2,
          propertyType: 1,
          ref: 3 },
        { name: 'message',
          attributes: 2,
          propertyType: 1,
          ref: 13 } ],
        text: 'Error: Not enough or too many segments' }

malformed JWT? initial token malformed?

sjt003
  • 2,407
  • 5
  • 24
  • 39
  • Can you show the JWT? – frasertweedale May 29 '15 at 00:29
  • I'm having difficulty replicating this error, but I have a suspicion that it is emitted after trying to parse an empty JWT. I'm not sure posting my JWT is a great idea security wise (everything is encrypted but I just don't feel good about it--having set rather loose expiration for my dev env), but I can tell you that the JWT is properly formed and transferred, having checked. – sjt003 May 29 '15 at 14:27

4 Answers4

12

If you are using JWT-simple, by looking at the source code, we can see that this error is caused by the token having an incorrect form.

//...

var segments = token.split('.');
if (segments.length !== 3) {
  throw new Error('Not enough or too many segments');
}
Pytth
  • 4,008
  • 24
  • 29
  • 3
    I don't agree with these edits. Where is this `token` variable coming from? Having the ellipsis at least demonstrated that there was additional code above that was not included in my answer. – Pytth Nov 29 '17 at 17:13
7

To the best of my knowledge this error was a result of an uncaught exception on parsing a JWT that references a user no longer in the db--the more common scenario is when bcrypt compare or whatever you are using finds the comparison of hash to be false--this I had taken into account--not finding a user I did not. When I accounted for this the error disappeared.

sjt003
  • 2,407
  • 5
  • 24
  • 39
1

Check whether your token or encrypted text having three segment. For Ex.

var segments = token.split('.');

If segments length is 3 then token is proper. But If not you must check your token has been modified in between creation and validate.

Pooja-G
  • 518
  • 4
  • 20
0

This happened to me in my angular application when I passed a messed up callback into my "then" statement.

// in my Auth Service

this.register = function (email, password) {
  return $http.post(API_URL + 'register', {
    email: email,
    password: password
  }).then(authSuccessful)
    .catch(authError);
};

function authSuccessful(res) {
  alert('success', 'Joy!', 'Welcome, ' + res.data.user.email + '.');
  // authToken.setToken just puts the token in local storage.
  authToken.setToken(res.token); // <- WRONG!!
  $state.go("connections");
}

It should have been:

function authSuccessful(res) {
  alert('success', 'Joy!', 'Welcome, ' + res.data.user.email + '.');
  authToken.setToken(res.data.token); // <- Yay!
  $state.go("connections");
}
Gabriel Kunkel
  • 2,643
  • 5
  • 25
  • 47