What happened?
ConjureUndertowRuntime configures a ConjureAuthorizationExtractor which optimistically calls UnverifiedJsonWebToken.tryParse to extract user information from an unverified token.
However, the Palantir auth-tokens project assumes Palantir's JWT format. Specifically, it tries to decode sub, sid and jti as base64-encoded UUIDs: https://github.com/palantir/auth-tokens/blob/bb668c6e99dd211799cbc4aa7602114b9d882368/auth-tokens/src/main/java/com/palantir/tokens/auth/UnverifiedJsonWebToken.java#L125-L128
When using Conjure with non-Palantir tokens, this fills the logs with parse exceptions (albeit not failing the request).
What did you want to happen?
The ConjureUndertowRuntime.Builder could allow the user to override the mechanism for extracting the userId, sessionId and tokenId from a BearerToken.
Happy to put up a PR.
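
Added example, not code from this issue, Conjure or auth-tokens: a Java sketch of the failure mode reported above, where a strict decoder rejects a non-UUID `sub`, next to a tolerant extractor of the kind an override could supply. It assumes the Palantir-style claim is standard Base64 of the 16 raw UUID bytes; the class name, method names and sample tokens are hypothetical and constructed for illustration.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Optional;
import java.util.UUID;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added sketch: class and method names are hypothetical, not Conjure or auth-tokens APIs.
public final class UnverifiedClaimSketch {
    // Reads a top-level string claim from the payload. The regex stands in for a JSON parser.
    static Optional<String> claim(String jwt, String name) {
        String[] parts = jwt.split("\\.");
        if (parts.length != 3) return Optional.empty();
        try {
            byte[] payload = Base64.getUrlDecoder().decode(parts[1]);
            Matcher m = Pattern.compile("\"" + Pattern.quote(name) + "\"\\s*:\\s*\"([^\"]*)\"")
                    .matcher(new String(payload, StandardCharsets.UTF_8));
            return m.find() ? Optional.of(m.group(1)) : Optional.empty();
        } catch (IllegalArgumentException e) {
            return Optional.empty(); // payload segment is not valid base64url
        }
    }

    // Strict: assumes the claim is Base64 of the 16 raw UUID bytes; anything else throws.
    static String strictUuid(String value) {
        byte[] raw = Base64.getDecoder().decode(value);
        if (raw.length != 16) throw new IllegalArgumentException("expected 16 bytes, got " + raw.length);
        ByteBuffer buf = ByteBuffer.wrap(raw);
        return new UUID(buf.getLong(), buf.getLong()).toString();
    }

    // Tolerant: keep the raw claim; it is unverified, so strip control characters before logging.
    static String tolerantId(String value) {
        try { return strictUuid(value); }
        catch (IllegalArgumentException e) { return value.replaceAll("\\p{Cntrl}", "_"); }
    }

    public static void main(String[] args) {
        UUID id = UUID.fromString("123e4567-e89b-12d3-a456-426614174000"); // constructed sample
        long hi = id.getMostSignificantBits(), lo = id.getLeastSignificantBits();
        byte[] raw = ByteBuffer.allocate(16).putLong(hi).putLong(lo).array();
        String[] subs = { Base64.getEncoder().encodeToString(raw), "auth0|5f7c8ec7" }; // constructed
        for (String sub : subs) {
            String body = Base64.getUrlEncoder().withoutPadding()
                    .encodeToString(("{\"sub\":\"" + sub + "\"}").getBytes(StandardCharsets.UTF_8));
            String value = claim("e30." + body + ".sig", "sub").orElseThrow();
            System.out.println(value + " -> " + tolerantId(value));
        }
    }
}
```

Either path returns values taken from a token whose signature was never checked, so they belong in log context only and not in any authorization decision.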