This is an automated email from the ASF dual-hosted git repository. btellier pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/james-project.git
commit 8f8db8ddfe882633e12b5bc143725154100d79e3
Author: Benoit Tellier <[email protected]>
AuthorDate: Fri Jan 27 22:42:13 2023 +0700
[FIX] OidcJwtTokenVerifier: be resilient upon missing kid
---
.../jwt/src/main/java/org/apache/james/jwt/OidcJwtTokenVerifier.java | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/server/protocols/jwt/src/main/java/org/apache/james/jwt/OidcJwtTokenVerifier.java b/server/protocols/jwt/src/main/java/org/apache/james/jwt/OidcJwtTokenVerifier.java
index fd73cf5039..35ba364dca 100644
--- a/server/protocols/jwt/src/main/java/org/apache/james/jwt/OidcJwtTokenVerifier.java
+++ b/server/protocols/jwt/src/main/java/org/apache/james/jwt/OidcJwtTokenVerifier.java
@@ -31,7 +31,6 @@ import io.jsonwebtoken.Header;
 import io.jsonwebtoken.Jwt;
 import io.jsonwebtoken.JwtException;
 import io.jsonwebtoken.Jwts;
-import io.jsonwebtoken.MalformedJwtException;
 import reactor.core.publisher.Mono;
 
 public class OidcJwtTokenVerifier {
@@ -55,7 +54,7 @@ public class OidcJwtTokenVerifier {
 Jwt<Header, Claims> headerClaims = Jwts.parserBuilder().build().parseClaimsJwt(nonSignedToken);
 T claim = (T) headerClaims.getHeader().get(claimName);
 if (claim == null) {
- throw new MalformedJwtException("'" + claimName + "' field in token is mandatory");
+ return Optional.empty();
 }
 return Optional.of(claim);
 } catch (JwtException e) {
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
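Review bot: Returning `Optional.empty()` in the `if (claim == null)` branch of the second hunk makes a token with no such header field indistinguishable, for callers, from whatever the `catch (JwtException e)` path yields (its body lies outside the hunk), and the value is read via `parseClaimsJwt(nonSignedToken)`, i.e. before any signature check. The caller is not visible here, so it should be confirmed that an empty result still ends in signature verification against the provider's keys and can never be treated as an accepted or skipped check; a test with a well-formed token that lacks `kid` and carries an invalid signature would pin that. I would document the contract on the branch with `// header field absent: not an error here, the caller must still verify the signature`. The enclosing method starts and ends outside the hunk.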
