improve error messages
Yoshani committed Nov 14, 2023
1 parent d28b7f4 commit 1ecfe9e
Showing 1 changed file with 24 additions and 15 deletions.
Expand Up @@ -334,13 +334,13 @@ public boolean validateGrant(OAuthTokenReqMessageContext tokReqMsgCtx) throws Id
//check whether this jwt was issued by the resident identity provider
identityProvider = getResidentIDPForIssuer(tenantDomain, jwtIssuer);
if (identityProvider == null) {
handleClientException("No Registered IDP found for the JWT with issuer name : " + jwtIssuer);
handleClientException("No registered identity provider found for the JWT with issuer name : " + jwtIssuer);
}
}

tokenEndPointAlias = getTokenEndpointAlias(identityProvider);
} else {
handleClientException("No Registered IDP found for the JWT with issuer name : " + jwtIssuer);
handleClientException("No registered identity provider found for the JWT with issuer name : " + jwtIssuer);
}
if (signedJWT != null) {
signatureValid = validateSignature(signedJWT, identityProvider);
Expand Down Expand Up @@ -689,10 +689,13 @@ private boolean checkExpirationTime(Date expirationTime, long currentTimeInMilli

long expirationTimeInMillis = expirationTime.getTime();
if ((currentTimeInMillis + timeStampSkewMillis) > expirationTimeInMillis) {
handleClientException("JSON Web Token is expired." +
", Expiration Time(ms) : " + expirationTimeInMillis +
", TimeStamp Skew : " + timeStampSkewMillis +
", Current Time : " + currentTimeInMillis + ". JWT Rejected and validation terminated");
if (log.isDebugEnabled()) {
log.debug("JSON Web Token is expired." +
", Expiration Time(ms) : " + expirationTimeInMillis +
", TimeStamp Skew : " + timeStampSkewMillis +
", Current Time : " + currentTimeInMillis + ". JWT Rejected and validation terminated");
}
handleClientException("JSON Web Token is expired.");
}
return true;
}
Expand All @@ -710,10 +713,13 @@ private boolean checkNotBeforeTime(Date notBeforeTime, long currentTimeInMillis,

long notBeforeTimeMillis = notBeforeTime.getTime();
if (currentTimeInMillis + timeStampSkewMillis < notBeforeTimeMillis) {
handleClientException("JSON Web Token is used before Not_Before_Time." +
", Not Before Time(ms) : " + notBeforeTimeMillis +
", TimeStamp Skew : " + timeStampSkewMillis +
", Current Time : " + currentTimeInMillis + ". JWT Rejected and validation terminated");
if (log.isDebugEnabled()) {
log.debug("JSON Web Token is used before Not_Before_Time." +
", Not Before Time(ms) : " + notBeforeTimeMillis +
", TimeStamp Skew : " + timeStampSkewMillis +
", Current Time : " + currentTimeInMillis + ". JWT Rejected and validation terminated");
}
handleClientException("JSON Web Token is used before Not_Before_Time.");
}
return true;
}
Expand All @@ -734,11 +740,14 @@ private boolean checkValidityOfTheToken(Date issuedAtTime, long currentTimeInMil
long rejectBeforeMillis = 1000L * 60 * validityPeriod;
if (currentTimeInMillis + timeStampSkewMillis - issuedAtTimeMillis >
rejectBeforeMillis) {
handleClientException("JSON Web Token is issued before the allowed time." +
", Issued At Time(ms) : " + issuedAtTimeMillis +
", Reject before limit(ms) : " + rejectBeforeMillis +
", TimeStamp Skew : " + timeStampSkewMillis +
", Current Time : " + currentTimeInMillis + ". JWT Rejected and validation terminated");
if (log.isDebugEnabled()) {
log.debug("JSON Web Token is issued before the allowed time." +
", Issued At Time(ms) : " + issuedAtTimeMillis +
", Reject before limit(ms) : " + rejectBeforeMillis +
", TimeStamp Skew : " + timeStampSkewMillis +
", Current Time : " + currentTimeInMillis + ". JWT Rejected and validation terminated");
}
handleClientException("JSON Web Token is issued before the allowed time.");
}
return true;
}
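Review bot: In the first hunk (validateGrant), both reworded messages still concatenate `jwtIssuer` into the client-facing exception, and the `validateSignature` call only appears after these branches, so the value echoed back is presumably an unverified claim chosen by the caller. The three time-check hunks now keep variable detail in a debug log and return a fixed string; the issuer branches should follow the same pattern, e.g. `handleClientException("No registered identity provider found for the JWT issuer.");` preceded by a guarded `log.debug("No registered identity provider found for the JWT with issuer name : " + jwtIssuer);`. If the issuer is logged, strip CR/LF from it first so a crafted claim cannot forge log lines. validateGrant's body starts and ends outside the hunk, so how `handleClientException` surfaces the message (for instance as an OAuth `error_description`) should be confirmed there.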
