@@ -19,51 +19,60 @@ class MultipleIssuersJwtDecoder implements JwtDecoder {
1919 private final Map <String , NimbusJwtDecoder > decoderMap ;
2020
2121 MultipleIssuersJwtDecoder (List <ResourceServerProperties > properties ) {
22- this .decoderMap = properties .stream ().collect (Collectors .toMap (
23- ResourceServerProperties ::getIssuerUri ,
24- props -> {
25- NimbusJwtDecoder jwtDecoder = JwtDecoders .fromIssuerLocation (props .getIssuerUri ());
26- jwtDecoder .setJwtValidator (oAuth2TokenValidator (props ));
27- return jwtDecoder ;
28- }
29- ));
22+ this .decoderMap = properties
23+ .stream ()
24+ .peek (config -> log .info ("Configuring decoder for issuer {}" , config .getIssuerUri ()))
25+ .collect (Collectors .toMap (
26+ ResourceServerProperties ::getIssuerUri ,
27+ props -> {
28+ NimbusJwtDecoder jwtDecoder = JwtDecoders .fromIssuerLocation (props .getIssuerUri ());
29+ jwtDecoder .setJwtValidator (new DelegatingOAuth2TokenValidator <>(issuerValidator (props ), audienceValidator (props )));
30+ return jwtDecoder ;
31+ }
32+ ));
3033 }
3134
3235 @ Override
3336 public Jwt decode (String token ) throws JwtException {
3437 try {
35- var issuer = JWTParser
36- .parse (token )
37- .getJWTClaimsSet ()
38- .getIssuer ();
39- return decoderMap
40- .get (issuer )
41- .decode (token );
38+ var parsed = JWTParser .parse (token );
39+ var claims = parsed .getJWTClaimsSet ();
40+ var issuer = claims .getIssuer ();
41+ log .info ("Decoding token from issuer {}" , issuer );
42+ var decoder = decoderMap .get (issuer );
43+ log .info ("Decoding using decoder {} instanceof {}" , decoder , decoder .getClass ());
44+ var decoded = decoder .decode (token );
45+ log .info ("Decoded token with claims {}" , decoded == null ? "null!?" : decoded .getClaims ());
46+ return decoded ;
4247 } catch (ParseException e ) {
4348 log .error ("Feil ved parsing av token" , e );
4449 throw new JwtException ("Feil ved parsing av token" , e );
4550 } catch (JwtValidationException e ) {
46- log .error ("Feil ved validering av token" , e );
51+ log .error ("Feil ved validering av token: {}" , e . getErrors () , e );
4752 throw e ;
4853 } catch (Exception e ) {
4954 log .error ("Ukjent feil" , e );
5055 throw e ;
5156 }
5257 }
5358
54- private OAuth2TokenValidator <Jwt > oAuth2TokenValidator (ResourceServerProperties properties ) {
55- OAuth2TokenValidator <Jwt > issuerValidator = JwtValidators .createDefaultWithIssuer (properties .getIssuerUri ());
56- OAuth2TokenValidator <Jwt > audienceValidator = token ->
57- token .getAudience ().stream ().anyMatch (audience -> properties .getAcceptedAudience ().contains (audience )) ?
58- OAuth2TokenValidatorResult .success () :
59- OAuth2TokenValidatorResult .failure (createError (
60- String .format ("Fant ikke påkrevd audience %s i tokenet." , properties .getAcceptedAudience ())
61- ));
62- return new DelegatingOAuth2TokenValidator <>(issuerValidator , audienceValidator );
59+ private static OAuth2TokenValidator <Jwt > issuerValidator (ResourceServerProperties properties ) {
60+ return JwtValidators .createDefaultWithIssuer (properties .getIssuerUri ());
6361 }
6462
65- private OAuth2Error createError (String msg ) {
66- return new OAuth2Error ("invalid_token" , msg , null );
63+ private static OAuth2TokenValidator <Jwt > audienceValidator (ResourceServerProperties properties ) {
64+ return token -> token
65+ .getAudience ()
66+ .stream ()
67+ .anyMatch (audience -> properties .getAcceptedAudience ().contains (audience )) ?
68+ OAuth2TokenValidatorResult .success () :
69+ OAuth2TokenValidatorResult .failure (error (properties .getAcceptedAudience (), token .getAudience ()));
70+ }
71+
72+ private static OAuth2Error error (List <String > acceptedAudiences , List <String > tokenAudiences ) {
73+ var message = "Fant ikke påkrevd audience %s i tokenet, bare %s" .formatted (acceptedAudiences , tokenAudiences );
74+ log .error (message );
75+ return new OAuth2Error ("invalid_token" , message , null );
6776 }
6877
6978}
0 commit comments