Always try and parse token as JWT

binokkio · Feb 22, 2025 · d641cb7 · d641cb7
1 parent 782dcc2
commit d641cb7
Showing 1 changed file with 3 additions and 4 deletions.
diff --git a/...formers/jetty/src/main/java/b/nana/technology/gingester/transformers/jetty/http/Oidc.java b/...formers/jetty/src/main/java/b/nana/technology/gingester/transformers/jetty/http/Oidc.java
@@ -59,7 +59,6 @@ public final class Oidc implements Transformer<Object, Object> {
     private final String tokenRequestStart;
     private final Pattern loginParamPattern;
     private final boolean optional;
-    private final boolean accessTokenIsJwt;
 
     public Oidc(Parameters parameters) {
 
@@ -95,7 +94,6 @@ public Oidc(Parameters parameters) {
         cookieName = requireNonNull(parameters.cookieName, "Missing cookieName parameter");
         loginParamPattern = Pattern.compile("&?" + loginParam + "(?:=[^&]*)?&?");
         optional = parameters.optional;
-        accessTokenIsJwt = parameters.accessTokenIsJwt;
 
         fetchRequestQueryLogin = new FetchKey("http.request.query." + loginParam);
         fetchRequestCookie = new FetchKey("http.request.cookies." + cookieName);
@@ -238,11 +236,13 @@ private void handleTokenResponse(String tokenResponse) throws JsonProcessingExce
             if (refreshExpiresAtNode.isValueNode())
                 refreshExpiresAt = Instant.now().plus(Duration.ofSeconds(refreshExpiresAtNode.asInt())).minus(Duration.ofSeconds(30));
 
-            if (accessTokenIsJwt) {
+            try {
                 DecodedJWT decoded = JWT.decode(accessToken);
                 HashMap<String, JsonNode> claims = new HashMap<>();
                 decoded.getClaims().forEach((key, value) -> claims.put(key, value.as(JsonNode.class)));
                 stash.put("claims", claims);
+            } catch (Exception e) {
+                // ignore, probably not a JWT access token
             }
 
             if (userInfoUrl != null) {
@@ -275,6 +275,5 @@ public static class Parameters {
         public List<String> scopes = List.of("openid");
         public boolean optional;
         public boolean staticSessions;
-        public boolean accessTokenIsJwt;
     }
 }