adutra commented on code in PR #1397: URL: https://github.com/apache/polaris/pull/1397#discussion_r2060635867
########## quarkus/service/src/main/java/org/apache/polaris/service/quarkus/auth/internal/InternalAuthenticationMechanism.java: ########## @@ -56,9 +84,34 @@ public Uni<SecurityIdentity> authenticate( } String credential = authHeader.substring(spaceIdx + 1); + + DecodedToken token; + try { + token = decodeToken(credential); + } catch (Exception e) { + return configuration.type() == AuthenticationType.MIXED

Review Comment:
After playing with this a bit, I'd be in favor of leaving this for a follow-up PR. The changes to the `TokenBroker` interface become a bit invasive imho. I was trying something like this:

```java
interface TokenBroker {
  DecodedToken decode(String token); // done in InternalAuthenticationMechanism
  void verify(DecodedToken token); // done in InternalIdentityProvider
  ...
}
```

But:

1. `decode` would still throw an exception on every request with an external token;
2. We'd need to leak some auth0 types in the `DecodedToken` interface in order to avoid re-parsing the token, e.g. `DecodedJWT getAuth0Token();`
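
Review bot: `catch (Exception e)` around `token = decodeToken(credential);` is wider than the case it is there to handle. With that catch, a bearer token that is simply not an internal token and an unexpected runtime failure inside `decodeToken` both reach the `configuration.type() == AuthenticationType.MIXED` check, so in mixed mode a genuine decoding bug would be indistinguishable from "not our token". Suggest catching only the exception type `decodeToken` raises for an unparseable credential and letting anything else propagate, or at minimum logging `e` before the MIXED check so the two cases can be told apart in the logs. The visible lines end at that check, so what each branch returns is not shown here.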