Invalid JWT Token causes access violation

Is there a way to handle an invalid JWT and prevent an access violation when using TSparkleJwtMiddleware and XDataServer?

I am doing security testing and if an incorrectly formatted JWT token is passed in the header, the server throws an access violation, as opposed to saying something like 'invalid token format'. I've tried intercepting with the XDataServerJWTBeforeValidation event, but that does not get called - the access violation happens immediately before the attempt to validate the token.

Help is appreciated.

Can you please provide steps to reproduce the issue? We are not aware of Access Violations in that regard.

Hi Wagner, it happens when using the Swagger UI with authentication method set to JWT. If you set it to an invalid JWT format, it causes an access violation. For example, in the Swagger authorization, enter "bearer thisisaninvalidtoken" and then try to execute any method that requires authorization. When I do, I get an access violation.

I cannot reproduce it. Using JwtAuthDemo, I just enabled AuthMode:


Then tried your steps and it returns fine: