[Solved] Identify the error in this JWT guard snippet that causes it to always allow access even with invalid tokens: async canActivate(context: ExecutionContext) { const request = context.switchToHttp().... | NestJS

NestJS - Guards

Identify the error in this JWT guard snippet that causes it to always allow access even with invalid tokens:

async canActivate(context: ExecutionContext) {
  const request = context.switchToHttp().getRequest();
  const token = request.headers['authorization']?.split(' ')[1];
  if (!token) return false;
  try {
    const payload = await this.jwtService.verifyAsync(token);
    request.user = payload;
  } catch {
    return true;
  }
  return true;
}

AThe method should not be async

BThe token extraction splits incorrectly

CThe catch block returns true, allowing access on token errors

DThe user is not attached to the request

Step-by-Step Solution

Solution:

Step 1: Review the catch block behavior
The catch block returns true, which means even if token verification fails, access is allowed.
Step 2: Understand correct error handling in guards
On verification failure, the guard should deny access by returning false or throwing an exception.
Final Answer:
The catch block returns true, allowing access on token errors -> Option C
Quick Check:
Catch returning true = always allow access [OK]

Quick Trick: Catch block must deny access, not allow it [OK]

Common Mistakes:

Returning true in catch block
Ignoring token verification errors
Not attaching user to request

Master "Guards" in NestJS

9 interactive learning modes - each teaches the same concept differently

Learn Why Deep Visual Try Challenge Project Recall Perf

More NestJS Quizzes

Identify the error in this JWT guard snippet that causes it to always allow access even with invalid tokens:

Step 1: Review the catch block behavior

Step 2: Understand correct error handling in guards

Final Answer:

Quick Check:

Want More Practice?