Changes aud/iss error to use actual expected value

abalmos · abalmos · commit 44e3c8d757e6 · 2015-02-13T21:08:55.000-05:00
The message part of the JsonWebTokenError generated for aud and iss mismatch
currently use the [PAYLOAD AUDIENCE] and [PAYLOAD ISSUER] as the expected value.
This leads to confusion.  For example, say a JWT aud is set to
'https://localhost' and the expected value is 'https://localhost:8443'. The
resulting error message is:

'jwt audience invalid. expected: https://localhost:8443'

Which of courses tells the user that the audience is incorrect, yet the expected
value is the value sent.

This commit changes the error message to use the actual expected values,
[OPTIONS AUDIENCE] and [OPTIONS ISSUER].
diff --git a/README.md b/README.md
@@ -162,8 +162,8 @@ Error object:
   * 'jwt malformed'
   * 'jwt signature is required'
   * 'invalid signature'
-  * 'jwt audience invalid. expected: [PAYLOAD AUDIENCE]'
-  * 'jwt issuer invalid. expected: [PAYLOAD ISSUER]'
+  * 'jwt audience invalid. expected: [OPTIONS AUDIENCE]'
+  * 'jwt issuer invalid. expected: [OPTIONS ISSUER]'
 
 ```js
 jwt.verify(token, 'shhhhh', function(err, decoded) {
diff --git a/index.js b/index.js
@@ -120,12 +120,12 @@ module.exports.verify = function(jwtString, secretOrPublicKey, options, callback
     var match = target.some(function(aud) { return audiences.indexOf(aud) != -1; });
 
     if (!match)
-      return done(new JsonWebTokenError('jwt audience invalid. expected: ' + payload.aud));
+      return done(new JsonWebTokenError('jwt audience invalid. expected: ' + audiences.join(' or ')));
   }
 
   if (options.issuer) {
     if (payload.iss !== options.issuer)
-      return done(new JsonWebTokenError('jwt issuer invalid. expected: ' + payload.iss));
+      return done(new JsonWebTokenError('jwt issuer invalid. expected: ' + options.issuer));
   }
 
   return done(null, payload);

Original file line number	Diff line number	Diff line change
`@@ -120,12 +120,12 @@ module.exports.verify = function(jwtString, secretOrPublicKey, options, callback`
`120`	`120`	`var match = target.some(function(aud) { return audiences.indexOf(aud) != -1; });`
`121`	`121`
`122`	`122`	`if (!match)`
`123`		`- return done(new JsonWebTokenError('jwt audience invalid. expected: ' + payload.aud));`
	`123`	`+ return done(new JsonWebTokenError('jwt audience invalid. expected: ' + audiences.join(' or ')));`
`124`	`124`	`}`
`125`	`125`
`126`	`126`	`if (options.issuer) {`
`127`	`127`	`if (payload.iss !== options.issuer)`
`128`		`- return done(new JsonWebTokenError('jwt issuer invalid. expected: ' + payload.iss));`
	`128`	`+ return done(new JsonWebTokenError('jwt issuer invalid. expected: ' + options.issuer));`
`129`	`129`	`}`
`130`	`130`
`131`	`131`	`return done(null, payload);`