A modern programming language that makes developers happier.

kotlinlang

Is there no way to differentiate between different verification failures/exceptions whe ktor's jwt authentication? The challenge function only receives the application call in the context, no exception/cause :confused:

How is it possible to implement token refresh functionality when we cannot know whether the token verification failed only because of expiry and not some other verification issue?

Server, I'm talking about generating an access/refresh token pair and having a specific error returned when an otherwise valid access token has expired

I have "solved" this issue by taking the authorization header value from the `call.request` object and manually splitting it and verifying it.
This works but it results in having to verify the access token twice when the first verification fails and the `challenge` function is called :confused: