You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@james.apache.org by bt...@apache.org on 2023/01/31 00:12:58 UTC
[james-project] 01/04: [FIX] OidcJwtTokenVerifier: be resilient upon missing kid
This is an automated email from the ASF dual-hosted git repository.
btellier pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/james-project.git
commit 8f8db8ddfe882633e12b5bc143725154100d79e3
Author: Benoit Tellier <bt...@linagora.com>
AuthorDate: Fri Jan 27 22:42:13 2023 +0700
[FIX] OidcJwtTokenVerifier: be resilient upon missing kid
---
.../jwt/src/main/java/org/apache/james/jwt/OidcJwtTokenVerifier.java | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/server/protocols/jwt/src/main/java/org/apache/james/jwt/OidcJwtTokenVerifier.java b/server/protocols/jwt/src/main/java/org/apache/james/jwt/OidcJwtTokenVerifier.java
index fd73cf5039..35ba364dca 100644
--- a/server/protocols/jwt/src/main/java/org/apache/james/jwt/OidcJwtTokenVerifier.java
+++ b/server/protocols/jwt/src/main/java/org/apache/james/jwt/OidcJwtTokenVerifier.java
@@ -31,7 +31,6 @@ import io.jsonwebtoken.Header;
import io.jsonwebtoken.Jwt;
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.Jwts;
-import io.jsonwebtoken.MalformedJwtException;
import reactor.core.publisher.Mono;
public class OidcJwtTokenVerifier {
@@ -55,7 +54,7 @@ public class OidcJwtTokenVerifier {
Jwt<Header, Claims> headerClaims = Jwts.parserBuilder().build().parseClaimsJwt(nonSignedToken);
T claim = (T) headerClaims.getHeader().get(claimName);
if (claim == null) {
- throw new MalformedJwtException("'" + claimName + "' field in token is mandatory");
+ return Optional.empty();
}
return Optional.of(claim);
} catch (JwtException e) {
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@james.apache.org
For additional commands, e-mail: notifications-help@james.apache.org