From cab923886becfb082f6ff4663f4ee290d52d48f4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?John=20Arg=C3=A9rus?=
Date: Thu, 26 Oct 2023 14:34:42 +0200
Subject: [PATCH] [databroker] Fixes for updated jsonwebtoken
Update decoder to work with new version of jsonwebtoken. "aud" should absolutely be checked, and we need to add support supplying a set of valid audiences when running databroker.
---
 .../databroker/src/authorization/jwt/decoder.rs | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/kuksa_databroker/databroker/src/authorization/jwt/decoder.rs b/kuksa_databroker/databroker/src/authorization/jwt/decoder.rs
index 63d9f883e..584a8c4b6 100644
--- a/kuksa_databroker/databroker/src/authorization/jwt/decoder.rs
+++ b/kuksa_databroker/databroker/src/authorization/jwt/decoder.rs
@@ -68,10 +68,10 @@ impl Decoder {
 }
 };
- let validator = Validation::new(Algorithm::RS256);
- // validator.leeway = 5;
- // validator.set_audience(..);
- // validator.set_issuer(..);
+ // TODO: Make algorithm configurable.
+ let mut validator = Validation::new(Algorithm::RS256);
+ // TODO: Make "aud" configurable.
+ validator.set_audience(&["kuksa.val"]);
 Ok(Decoder {
 decoding_key,
@@ -168,7 +168,7 @@ AEiqOjPq0D6X45wCzIwjILUCAwEAAQ==
 Ok(claims) => {
 assert_eq!(claims.scope, "read:Vehicle.Speed");
 }
- Err(_) => panic!("decode should succeed"),
+ Err(err) => panic!("decode should succeed but failed with:{}", err),
 }
 }
 }
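Review bot: The `set_audience(&["kuksa.val"])` call in the first hunk probably only constrains tokens that actually carry an `aud` claim; as far as I recall, jsonwebtoken skips the comparison when the claim is absent unless `aud` is listed among the required spec claims, so a token with no audience at all would likely still decode. If presence is meant to be mandatory, add `validator.set_required_spec_claims(&["exp", "aud"]);` right after `set_audience`, and confirm the behaviour against the crate version this commit targets. With the `set_issuer` placeholder removed, `iss` remains unchecked, so any token signed by the configured key for this audience is accepted regardless of issuer; a comment saying that is intentional would help the next reader. When the algorithm TODO is implemented, keep the choice a fixed allow-list matched to the key type rather than anything taken from the token header. The enclosing function in `impl Decoder` starts above this hunk and continues past it.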