-1

I'm using express-jwt. I want to send a different status code back when it fails. I actually have 2 different express-jwt middlewares set up, one that requires credentials and the other that decodes the token optionally if it's there. With the latter, if the token exists but expires, I want to return a different status code because on a 401, my app automatically redirects the user to the login page and I don't want that to happen on an optional authentication.

Here's my express-jwt setup:

const jwt = require('express-jwt');

exports.decodeAuthIfExist = jwt({
  secret: jwksRsa.expressJwtSecret({
    cache: true,
    rateLimit: true,
    jwksRequestsPerMinute: 5,
    jwksUri: `https://${process.env.AUTH0_DOMAIN}/.well-known/jwks.json`
  }),
  credentialsRequired: false,
  audience: process.env.AUTH0_AUDIENCE,
  issuer: `https://${process.env.AUTH0_DOMAIN}/`,
  algorithms: ['RS256']
});

And this is how I use it:

app.get('/resource',
    auth.decodeAuthIfExist,
    resource.get);

What do I need to modify to return a status code of 402 for example.

kane
  • 5,465
  • 6
  • 44
  • 72

1 Answers1

0

express-jwt will throw an UnauthorizedError error. It does not set the status at all.

You have error middleware defined somewhere that is handling the exception.

Cisco
  • 20,972
  • 5
  • 38
  • 60
  • You can't, it's part of the source code itself of `express-jwt`. See source: https://github.com/auth0/express-jwt/blob/master/lib/index.js – Cisco May 09 '18 at 19:29