Separate two cases for validation of aud claim.

This commit is contained in:
Jonathan Bernard 2022-02-07 13:40:35 -06:00
parent 4e0d06bb67
commit 546d1a9cbe


@ -136,10 +136,13 @@ proc validateJWT*(ctx: ApiAuthContext, jwt: JWT) =
if jwt.header.alg.isNone: failAuth "Missing 'alg' header property." if jwt.header.alg.isNone: failAuth "Missing 'alg' header property."
if jwt.claims.aud.isNone or if jwt.claims.aud.isNone: failAuth "Missing 'aud' claim."
not ctx.validAudiences.contains(jwt.claims.aud.get):
if not ctx.validAudiences.contains(jwt.claims.aud.get):
log.debug(
"Valid audiences: $#\ttoken audience: $#" %
[$ctx.validAudiences, jwt.claims.aud.get])
failAuth "JWT is not for us (invalid audience)." failAuth "JWT is not for us (invalid audience)."
failAuth "Issuer is trusted, but the token is not for the expected audience."
let signingAlgorithm = jwt.header.alg.get let signingAlgorithm = jwt.header.alg.get