I encountered this error when trying to figure out if there was a way to set up middleware for validating a cookie:
panic: token contains an invalid number of segments
I understand that in the example given in the docs it falls on the user to manually check this (https://docs.authorizer.dev/authorizer-go/example):
    if len(tokenSplit) < 2 || tokenSplit[1] == "" {
        // unauthorized
        c.AbortWithStatusJSON(401, "unauthorized")
        return
    }
However, if a user doesn't check this, then why should their application panic instead of logging that the JWT issued is not a valid format/malformed, instead of causing the user to have to restart their service?
Surely this gives bad actors an easy way to achieve denial of service by just issuing badly formed JWT tokens?
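A defensive middleware for the situation described in the post above, as an added example that is not part of the original post or of the Authorizer docs or SDK. It uses plain net/http rather than Gin to stay dependency-free, and `validate` is a hypothetical stand-in for whatever call actually verifies the token; the shape check and panic containment go beyond the single length check quoted from the docs.

```go
package main

import (
	"encoding/base64"
	"fmt"
	"log"
	"net/http"
	"strings"
)

// wellFormedJWT checks shape only (three non-empty base64url segments); it verifies no signature.
func wellFormedJWT(s string) bool {
	parts := strings.Split(s, ".")
	for _, p := range parts {
		if _, err := base64.RawURLEncoding.DecodeString(p); p == "" || err != nil {
			return false
		}
	}
	return len(parts) == 3
}

// checkHeader returns nil only for a well-formed bearer token that validate
// (hypothetical verifier) accepts; a panic inside validate becomes an error.
func checkHeader(h string, validate func(string) error) (err error) {
	defer func() {
		if rec := recover(); rec != nil {
			err = fmt.Errorf("validator panicked: %v", rec)
		}
	}()
	f := strings.Fields(h)
	if len(f) != 2 || !strings.EqualFold(f[0], "Bearer") || !wellFormedJWT(f[1]) {
		return fmt.Errorf("malformed bearer token")
	}
	return validate(f[1])
}

// RequireToken logs and answers 401 for bad tokens, so one request cannot take the service down.
func RequireToken(validate func(string) error, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if err := checkHeader(r.Header.Get("Authorization"), validate); err != nil {
			log.Printf("unauthorized request from %s: %v", r.RemoteAddr, err)
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

func main() {
	fmt.Println(checkHeader("Bearer not-a-jwt", func(string) error { return nil }))
}
```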