Add support to allow multiple IAP audience claims #1856
@acmarcel Please sign the Contributor License Agreement! Click here to manually synchronize the status of this Pull Request. See the FAQ for frequently asked questions.
Thank you!
if (LOGGER.isWarnEnabled()) { | ||
LOGGER.warn(String.format( | ||
"Expected audience %s did not match token audience %s", this.audience, t.getAudience())); | ||
String[] audiences = StringUtils.trimArrayElements(StringUtils.commaDelimitedListToStringArray(this.audience)); |
Could you make audiences an instance variable, and move this logic into afterPropertiesSet()? This way, the audience splitting will only be done once.
Got it!
"Expected audience %s did not match token audience %s", this.audience, t.getAudience())); | ||
String[] audiences = StringUtils.trimArrayElements(StringUtils.commaDelimitedListToStringArray(this.audience)); | ||
for (String audience : audiences) { | ||
if (t.getAudience() != null && t.getAudience().contains(audience)) { |
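Review bot: The loop variable in for (String audience : audiences) shadows the field this.audience that the log call two lines above still reads, so the two are easy to confuse; rename the local (for example to expected). Also, the array from commaDelimitedListToStringArray is only trimmed, so a setting such as "a,,b" or one with a trailing comma can leave an empty element in audiences; filter empty strings out before comparing against the token's audience list.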
Now that this is done in a loop, it makes sense to move the t.getAudience() != null check to the very beginning of the validate() method and return OAuth2TokenValidatorResult.failure(INVALID_AUDIENCE); right away if the audience is missing in the token.
Currently autoconfiguration supports a single audience value. With this commit it is now possible to configure multiple allowable IAP audience claims. Fixes gh-1468
Codecov Report
@@ Coverage Diff @@
## master #1856 +/- ##
============================================
+ Coverage 72.62% 72.63% +0.01%
- Complexity 1833 1834 +1
============================================
Files 229 229
Lines 6736 6739 +3
Branches 695 697 +2
============================================
+ Hits 4892 4895 +3
Misses 1524 1524
Partials 320 320
@acmarcel Thank you for signing the Contributor License Agreement!
Thank you!
thanks!
Currently autoconfiguration supports a single audience value. With this commit
it is now possible to configure multiple allowable IAP audience claims.
Fixes gh-1468
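The check discussed in the review above, as an added example that is not code from this pull request or from the project: the comma-delimited setting is split once, a token with no audience is rejected before any comparison, and a token is accepted only on an exact match with one configured audience. It is plain Java rather than the Spring validator interface; the class name MultiAudienceCheck, the method isValid and the sample audience strings are assumptions made for illustration.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;

// Hypothetical stand-alone check; names are illustrative, not the project's API.
public class MultiAudienceCheck {
    private final Set<String> allowed;

    // Split the comma-delimited setting once, at construction time.
    public MultiAudienceCheck(String configured) {
        Set<String> parsed = new LinkedHashSet<>();
        if (configured != null) {
            for (String part : configured.split(",")) {
                String trimmed = part.trim();
                if (!trimmed.isEmpty()) { // drop empty entries such as the middle one in "a,,b"
                    parsed.add(trimmed);
                }
            }
        }
        if (parsed.isEmpty()) {
            // Fail closed: with no configured audience nothing can be accepted.
            throw new IllegalArgumentException("at least one audience is required");
        }
        this.allowed = Collections.unmodifiableSet(parsed);
    }

    // tokenAudiences is the token's "aud" claim; null means the claim is absent.
    public boolean isValid(List<String> tokenAudiences) {
        if (tokenAudiences == null || tokenAudiences.isEmpty()) {
            return false; // missing audience: reject before any comparison
        }
        for (String aud : tokenAudiences) {
            if (allowed.contains(aud)) { // exact match only, no prefix or substring match
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed sample values, not real IAP audiences.
        MultiAudienceCheck check = new MultiAudienceCheck(
                "/projects/1/apps/app-a , /projects/1/global/backendServices/2,");
        System.out.println(check.isValid(Arrays.asList("/projects/1/apps/app-a")));
        System.out.println(check.isValid(Arrays.asList("/projects/1/apps/app")));
        System.out.println(check.isValid(null));
    }
}
```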