[databroker] Fixes for updated jsonwebtoken

Update decoder to work with new version of jsonwebtoken. "aud" should absolutely be checked, and we need to add support supplying a set of valid audiences when running databroker.
eclipse · Oct 26, 2023 · cab9238 · cab9238
1 parent 09e744a
commit cab9238
Showing 1 changed file with 5 additions and 5 deletions.
diff --git a/kuksa_databroker/databroker/src/authorization/jwt/decoder.rs b/kuksa_databroker/databroker/src/authorization/jwt/decoder.rs
@@ -68,10 +68,10 @@ impl Decoder {
             }
         };
 
-        let validator = Validation::new(Algorithm::RS256);
-        // validator.leeway = 5;
-        // validator.set_audience(..);
-        // validator.set_issuer(..);
+        // TODO: Make algorithm configurable.
+        let mut validator = Validation::new(Algorithm::RS256);
+        // TODO: Make "aud" configurable.
+        validator.set_audience(&["kuksa.val"]);
 
         Ok(Decoder {
             decoding_key,
@@ -168,7 +168,7 @@ AEiqOjPq0D6X45wCzIwjILUCAwEAAQ==
             Ok(claims) => {
                 assert_eq!(claims.scope, "read:Vehicle.Speed");
             }
-            Err(_) => panic!("decode should succeed"),
+            Err(err) => panic!("decode should succeed but failed with:{}", err),
         }
     }
 }