adutra commented on code in PR #1397:
URL: https://github.com/apache/polaris/pull/1397#discussion_r2050647833


##########
service/common/src/main/java/org/apache/polaris/service/auth/JWTBroker.java:
##########
@@ -62,29 +65,42 @@ public abstract class JWTBroker implements TokenBroker {
 
   @Override
   public DecodedToken verify(String token) {
+
+    DecodedJWT decodedJWT;
+    try {
+      decodedJWT = JWT.decode(token);
+    } catch (JWTDecodeException e) {
+      LOGGER.error("Failed to decode the token", e);
+      throw new NotAuthorizedException("Failed to decode the token");
+    }
+
+    if (!decodedJWT.getIssuer().equals(ISSUER_KEY)) {
+      throw new UnprocessableEntityException("Unexpected issuer: %s", 
decodedJWT.getIssuer());
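Review bot: `decodedJWT.getIssuer()` returns null when the token carries no `iss` claim, so `!decodedJWT.getIssuer().equals(ISSUER_KEY)` throws a NullPointerException rather than the intended error; invert the comparison to `if (!ISSUER_KEY.equals(decodedJWT.getIssuer()))` (or use `Objects.equals`). Note also that `JWT.decode(token)` only parses the token and does not check its signature, so the issuer compared here, and echoed back in the `UnprocessableEntityException("Unexpected issuer: %s", ...)` message, is unverified caller input; consider keeping that value out of the client-facing message (log it instead) and stating in the method's Javadoc that the issuer check runs before signature verification.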

Review Comment:
   Here, we need a way to signal the caller that the token issuer is wrong. 
This must be a different error so that the caller can distinguish this 
situation from a validation error situation. 
   
   I picked `UnprocessableEntityException` out of better choices.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
