Nil pointer reference, if refreshtoken is expired or not sent with request

[iwyg]

Hello there

Although this is a quite unlikely scenario, the auth.Handler will panic, caused by line 412 in auth.go, if the refresh token is not sent with the request.

Maybe error branching after calling err := auth.Process() instead of just checking for not err != nil would be a viable solution?

Kind Regards

[adam-hanna]

Sorry, I'm just seeing this, now. Thanks for the report.

[areYouLazy]

The same error seems to be triggered if the X-CSRF-Token does not match the value in JWTs