in server/server.go [166:199]
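// verifyToken checks the caller's ID token carried in the incoming gRPC
// metadata under TokenMetadataKey. The token must be present exactly once,
// carry TokenPrefix, and validate against the service's configured audience.
// A nil return means the request is authenticated.
//
// Fixes over the previous version: the prefix is now compared, not just
// measured (slicing off len(TokenPrefix) bytes accepted any leading bytes),
// and error messages no longer echo the token or the full metadata map back
// to the caller and into logs.
func (s *SecureSessionService) verifyToken(ctx context.Context) error {
	// If no audience is configured, this is a unit test and the token is not
	// verified at all.
	// SECURITY: a real server implementation must remove this bypass.
	// Otherwise a server accidentally started without an expected audience
	// accepts every request, including ones that carry no token at all.
	if s.audience == "" {
		return nil
	}
	md, present := metadata.FromIncomingContext(ctx)
	if !present {
		return fmt.Errorf("expected to see metadata")
	}
	tokenValues := md.Get(TokenMetadataKey)
	// Exactly one token is required. Report only the count: echoing the
	// values (and the whole metadata map) leaks the credential and unrelated
	// headers to whoever receives or logs the error.
	if len(tokenValues) != 1 {
		return fmt.Errorf("expected exactly one value for metadata key %q, got %d", TokenMetadataKey, len(tokenValues))
	}
	authTokenWithPrefix := tokenValues[0]
	// The token must actually start with TokenPrefix; a length check alone
	// lets any leading bytes through. The token itself is deliberately kept
	// out of the error message.
	if len(authTokenWithPrefix) < len(TokenPrefix) || authTokenWithPrefix[:len(TokenPrefix)] != TokenPrefix {
		return fmt.Errorf("auth token is missing the %q prefix", TokenPrefix)
	}
	authToken := authTokenWithPrefix[len(TokenPrefix):]
	// testTokenValidator is a test seam; production goes through the
	// Google ID token library. Validation is delegated entirely to them
	// (presumably signature, expiry and audience — confirm in idtoken docs).
	var err error
	if s.testTokenValidator != nil {
		_, err = s.testTokenValidator.Validate(ctx, authToken, s.audience)
	} else {
		_, err = idtoken.Validate(ctx, authToken, s.audience)
	}
	if err != nil {
		return fmt.Errorf("error validating auth token: %w", err)
	}
	return nil
}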