/**
 * Verifies a compact JWT string and returns its claims.
 *
 * <p>The token is split on {@code '.'} and must consist of two or three parts. A
 * three-part token is {@code header.payload.signature}, and the signed content is
 * {@code header.payload}. A two-part token is {@code payload.signature}, and the
 * payload alone is the signed content.
 *
 * @param token the compact serialized token; must not be empty
 * @return the verified claims
 * @throws TokenVerifyException with {@code ErrorCode.INVALID_TOKEN} when the part count
 *         is wrong or the payload or signature part is empty; other codes as raised by
 *         {@link #verify(String, String, String)}
 */
@Override
public Map<String, Object> verify(String token) throws TokenVerifyException {
    Args.notEmpty(token, "token");

    final String[] segments = Strings.split(token, '.');
    final int count = segments.length;
    if (count != 2 && count != 3) {
        throw new TokenVerifyException(ErrorCode.INVALID_TOKEN,
                "Invalid jwt token, wrong number of parts: " + count);
    }

    final boolean hasHeader = count == 3;
    // Without a header segment, the payload itself is what the signature covers.
    final String signedContent = hasHeader ? segments[0] + "." + segments[1] : segments[0];
    final String payloadPart = hasHeader ? segments[1] : segments[0];
    final String signaturePart = hasHeader ? segments[2] : segments[1];

    if (payloadPart.isEmpty() || signaturePart.isEmpty()) {
        throw new TokenVerifyException(ErrorCode.INVALID_TOKEN,
                "Invalid jwt token, both payload and signature parts must not be empty");
    }

    return verify(signedContent, payloadPart, signaturePart);
}
/**
 * Handles the redirect back from the OAuth2 server after a successful authorization.
 *
 * <p>When {@code config.isLoginWithAccessToken()} is set, the {@code code} parameter is
 * required and is exchanged through {@code codeVerifier} for an access token. The
 * {@code id_token} parameter is always required and is verified by {@code idTokenVerifier}
 * before the user is authenticated and logged in. Only the id-token verification,
 * authentication and login steps are guarded: a {@link TokenVerifyException} thrown
 * there is turned into an error response carrying the exception's error code name.
 *
 * @param request  the current request
 * @param response the current response
 * @param params   the OAuth2 parameters sent back by the server
 * @return {@link State#CONTINUE} on success, otherwise whatever {@code error(...)} produces
 * @throws Throwable anything thrown by the code exchange, or by authentication/login that
 *         is not a {@link TokenVerifyException}
 */
protected State handleOAuth2ServerSuccess(Request request, Response response, OAuth2Params params) throws Throwable {
    AccessToken accessToken = null;

    if (config.isLoginWithAccessToken()) {
        final String code = params.getCode();
        if (Strings.isEmpty(code)) {
            return error(request, response, "illegal_state", "code required from oauth2 server");
        }
        accessToken = codeVerifier.verifyCode(code);
        if (accessToken == null) {
            return error(request, response, "illegal_state", "invalid authorization code");
        }
    }

    final String idToken = params.getIdToken();
    if (Strings.isEmpty(idToken)) {
        return error(request, response, "illegal_state", "id_token required from oauth2 server");
    }

    try {
        final IdToken verified = idTokenVerifier.verifyIdToken(params, idToken);
        // accessToken stays null when login-with-access-token is disabled.
        final Authentication authc = authenticate(params, verified, accessToken);
        login(request, response, authc);
    } catch (TokenVerifyException e) {
        return error(request, response, e.getErrorCode().name(), e.getMessage());
    }
    return State.CONTINUE;
}
log.info("Token verify error, " + e.getMessage(), e); removeCookie(request, response); return Result.empty();
errorHandler.handleInvalidToken(request, response, e.getMessage()); return State.INTERCEPTED; } catch (OAuth2ResponseException e) {
/**
 * Verifies the signature over {@code content} and, if it is valid, decodes
 * {@code payload} into the claims map and checks its expiration.
 *
 * <p>The signature is checked before anything else, so a payload whose signature does
 * not verify is never base64-decoded or parsed.
 *
 * @param content   the string the signature covers
 * @param payload   the base64url-encoded payload segment
 * @param signature the signature segment
 * @return the claims decoded from the payload
 * @throws TokenVerifyException {@code INVALID_SIGNATURE} when the signature does not
 *         verify; {@code INVALID_PAYLOAD} when the payload cannot be decoded/parsed or is
 *         not a JSON object. {@code verifyExpiration(Map)} runs last and is presumably
 *         where expired tokens are rejected — confirm in that method.
 */
protected Map<String, Object> verify(String content, String payload, String signature) {
    if (!verifySignature(content, signature)) {
        throw new TokenVerifyException(ErrorCode.INVALID_SIGNATURE, "Signature verification failed");
    }

    final JsonValue parsed;
    try {
        parsed = JSON.parse(JWT.base64UrlDeocodeToString(payload));
    } catch (Exception e) {
        // Decoding and parsing failures are reported under one code; the cause message is kept.
        throw new TokenVerifyException(ErrorCode.INVALID_PAYLOAD,
                "Parse payload as json object failed, " + e.getMessage());
    }

    if (!parsed.isMap()) {
        throw new TokenVerifyException(ErrorCode.INVALID_PAYLOAD, "The payload must be json object '{..}'");
    }

    final Map<String, Object> claims = parsed.asMap();
    verifyExpiration(claims);
    return claims;
}
JwtVerifier verifier = rsc.getJwtVerifier(); if(verifier == null){ throw new TokenVerifyException(TokenVerifyException.ErrorCode.VERIFY_FAILED, "the jwt verifier must be specified!");