We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Error 401 is returned when one microservice sends request to another
Problem is caused with the following method in JwtProvider, that throws NPE:
private AuthenticationResponse authenticateToken(String token) { SignedJwt signedJwt; try { signedJwt = SignedJwt.parseToken(token); } catch (Exception e) { //invalid token return failOrAbstain("Invalid token" + e); } if (verifySignature) { Errors errors = signedJwt.verifySignature(verifyKeys, defaultJwk); if (errors.isValid()) { Jwt jwt = signedJwt.getJwt(); // verify the audience is correct Errors validate = jwt.validate(null, expectedAudience); // this throws NPE when expectedAudience is null if (validate.isValid()) { return AuthenticationResponse.success(buildSubject(jwt, signedJwt)); } else { return failOrAbstain("Audience is invalid or missing: " + expectedAudience); } } else { return failOrAbstain(errors.toString()); } } else { return AuthenticationResponse.success(buildSubject(signedJwt.getJwt(), signedJwt)); } }
The jwt.validate() calls the Jwt#validate method:
public Errors validate(String issuer, String audience) { return validate(issuer, Set.of(audience)); }
That throws NPE when audience is null
This NPE is propagated to error 401 in the end
Formerly, in Helidon 2.3.0 the audience null value was handled properly.
The text was updated successfully, but these errors were encountered:
Verdent
Successfully merging a pull request may close this issue.
Environment Details
Problem Description
Error 401 is returned when one microservice sends request to another
Problem is caused with the following method in JwtProvider, that throws NPE:
The jwt.validate() calls the Jwt#validate method:
That throws NPE when audience is null
This NPE is propagated to error 401 in the end
Formerly, in Helidon 2.3.0 the audience null value was handled properly.
The text was updated successfully, but these errors were encountered: