better error message

deepu105 · deepu105 · commit 0e3fa7845392 · 2024-05-23T19:43:10.000+02:00
diff --git a/README.md b/README.md
@@ -129,6 +129,7 @@ jwtui [OPTIONS] [TOKEN]
 
 # Start UI with prefilled token to decode and JWKS secret from URL
 jwtui -S $(curl https://domain.auth0.com/.well-known/jwks.json) [TOKEN]
+# if your provider has a different URL for JWKS, look for `jwks_uri` in https://your.idp.com/.well-known/openid-configuration
 
 # Print decoded token to stdout with HMAC plain text secret
 jwtui -s -S 'plain_text_secret' [TOKEN]
@@ -140,7 +141,7 @@ jwtui -sn [TOKEN]
 jwtui -s -S 'b64:eW91ci0yNTYtYml0LXNlY3JldAo=' [TOKEN]
 
 # Print decoded token to stdout as JSON
-jwtui -sj -S '@./secret.pem' [TOKEN]
+jwtui -j -S '@./secret.pem' [TOKEN]
 
 # Print decoded token to stdout with JWKS secret from url
 jwtui -s -S $(curl https://domain.auth0.com/.well-known/jwks.json) [TOKEN]
@@ -156,7 +157,7 @@ Options:
 - `-S, --secret <SECRET>` Secret for validating the JWT. Can be text, file path (beginning with @) or base64 encoded string (beginning with b64:) [default: ]
 - `-s, --stdout` Print to STDOUT instead of starting the CLI in TUI mode
 - `-n, --no-verify` Do not validate the signature of the JWT when printing to STDOUT.
-- `-j, --json` Format STDOUT as JSON
+- `-j, --json` Print to STDOUT as JSON
 - `-t, --tick-rate <TICK_RATE>` Set the tick rate (milliseconds): the lower the number the higher the FPS. Must be less than 1000 [default: 250]
 - `-h, --help` Print help
 - `-V, --version` Print version
diff --git a/src/app/jwt_decoder.rs b/src/app/jwt_decoder.rs
@@ -371,10 +371,9 @@ mod tests {
     let (decode_only, verified_token_data) = decode_token(&args);
 
     assert!(decode_only.is_ok());
-    assert!(verified_token_data
-      .unwrap_err()
-      .to_string()
-      .contains("The JWT provided has an invalid signature: InvalidSignature"));
+    assert!(verified_token_data.unwrap_err().to_string().contains(
+      "The JWT provided has an invalid signature. Provide a valid secret: InvalidSignature"
+    ));
 
     let decode_only_token = decode_only.unwrap();
 
diff --git a/src/app/utils.rs b/src/app/utils.rs
@@ -174,7 +174,7 @@ fn map_external_error(ext_err: &Error) -> String {
           "The JWT provided is invalid".to_string()
         }
         ErrorKind::InvalidSignature => {
-          "The JWT provided has an invalid signature".to_string()
+          "The JWT provided has an invalid signature. Provide a valid secret".to_string()
         }
         ErrorKind::InvalidRsaKey(_) => {
           "The secret provided isn't a valid RSA key".to_string()
diff --git a/src/main.rs b/src/main.rs
@@ -44,7 +44,7 @@ pub struct Cli {
   /// Do not validate the signature of the JWT when printing to STDOUT.
   #[arg(short, long, value_parser, default_value_t = false)]
   pub no_verify: bool,
-  /// Format STDOUT as JSON.
+  /// Print to STDOUT as JSON.
   #[arg(short, long, value_parser, default_value_t = false)]
   pub json: bool,
   /// Set the tick rate (milliseconds): the lower the number the higher the FPS. Must be less than 1000.
@@ -66,7 +66,7 @@ fn main() -> Result<()> {
     panic!("Tick rate must be below 1000");
   }
 
-  if cli.stdout && cli.token.is_some() {
+  if (cli.stdout || cli.json) && cli.token.is_some() {
     to_stdout(cli);
   } else {
     // The UI must run in the "main" thread

Original file line number	Diff line number	Diff line change
`@@ -174,7 +174,7 @@ fn map_external_error(ext_err: &Error) -> String {`
`174`	`174`	`"The JWT provided is invalid".to_string()`
`175`	`175`	`}`
`176`	`176`	`ErrorKind::InvalidSignature => {`
`177`		`- "The JWT provided has an invalid signature".to_string()`
	`177`	`+ "The JWT provided has an invalid signature. Provide a valid secret".to_string()`
`178`	`178`	`}`
`179`	`179`	`ErrorKind::InvalidRsaKey(_) => {`
`180`	`180`	`"The secret provided isn't a valid RSA key".to_string()`