export function decodeJwtToken()

in src/smartAuthorizationHelper.ts [158:191]

• 30 lines of code
• 10 McCabe index (conditional complexity)

export function decodeJwtToken(token: string, expectedAudValue: string | RegExp, expectedIssValue: string) {
    const decodedAccessToken = decode(token, { complete: true });
    if (decodedAccessToken === null || typeof decodedAccessToken === 'string') {
        logger.warn('access_token could not be decoded into an object');
        throw new UnauthorizedError(GENERIC_ERR_MESSAGE);
    }

    const { aud, iss } = decodedAccessToken.payload;

    if (expectedIssValue !== iss) {
        logger.warn('access_token has unexpected `iss`');
        throw new UnauthorizedError(GENERIC_ERR_MESSAGE);
    }

    let audArray: string[] = [];
    if (aud) {
        if (typeof aud === 'string') {
            audArray = [aud];
        } else {
            audArray = aud;
        }
    }
    const audMatch: boolean = audArray.some(
        (audience: string) =>
            (typeof expectedAudValue === 'string' && expectedAudValue === audience) ||
            (expectedAudValue instanceof RegExp && expectedAudValue.test(audience)),
    );
    if (!audMatch) {
        logger.warn('access_token has unexpected `aud`');
        throw new UnauthorizedError(GENERIC_ERR_MESSAGE);
    }

    return decodedAccessToken;
}