Skip to content

fix: wrap SyntaxError as JsonWebTokenError for malformed payloads#1025

Open
abhu85 wants to merge 1 commit intoauth0:masterfrom
abhu85:fix/591-malformed-json-error
Open

fix: wrap SyntaxError as JsonWebTokenError for malformed payloads#1025
abhu85 wants to merge 1 commit intoauth0:masterfrom
abhu85:fix/591-malformed-json-error

Conversation

@abhu85
Copy link
Copy Markdown

@abhu85 abhu85 commented Apr 29, 2026

Summary

Wrap SyntaxError from malformed JWT payloads as JsonWebTokenError for consistent error handling.

Problem

When jwt.verify() encounters a token with an invalid JSON payload, it throws a raw SyntaxError instead of a JsonWebTokenError with message "jwt malformed". This is inconsistent with the documented error types and forces consumers to catch multiple error types.

Solution

Wrap the JSON.parse() call for the JWT payload in a try/catch block. When a SyntaxError is caught, re-throw as new JsonWebTokenError('jwt malformed').

Test Plan

  • Malformed JSON payload throws JsonWebTokenError (not SyntaxError)
  • Error message is "jwt malformed"
  • Valid tokens still verify correctly
  • Existing test suite passes

Fixes #591
Fixes #652

fix: wrap SyntaxError as JsonWebTokenError for malformed payloads (au…
6de78ef 
…th0#591)

When jwt.verify() encounters a token with an invalid JSON payload,
jws.decode() throws a raw SyntaxError. This wraps SyntaxError as
JsonWebTokenError with message "jwt malformed" for consistency with
documented error types.

Fixes auth0#591
Fixes auth0#652
@abhu85 abhu85 requested a review from a team as a code owner April 29, 2026 19:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

SyntaxError instead of JsonWebTokenError Malformed token cause verify method to return SyntaxError

1 participant

@abhu85