in api/src/main/scala/com/gu/adapters/http/Authentication.scala [81:110]
/** Authenticates the caller from an OAuth access token checked by `oktaLocalValidator`.
  *
  * The token must pass `parsedClaimsFromAccessToken` with `identityAccessScope` as the only
  * required scope; the resulting claims' `identityId` becomes the authenticated [[User]].
  *
  * @param accessToken         the token as received, optionally carrying a leading "Bearer "
  *                            (presumably the raw Authorization header value; confirm at the caller)
  * @param identityAccessScope the scope passed to the validator as required
  * @return `Right(User)` when validation succeeds; otherwise `Left` with the error built by
  *         `oauthTokenAuthorizationFailed`: status 400 when no token was supplied, or the
  *         validator's message and suggested status when validation fails
  */
private def authenticateUserWithOkta(
    accessToken: Option[String],
    identityAccessScope: IdentityAccessScope
): Either[Error, User] =
  accessToken match {
    case None =>
      // NOTE(review): an absent token is reported as 400. RFC 6750 describes 401 with a
      // WWW-Authenticate challenge for requests carrying no credentials; confirm that 400
      // is what clients of this API expect before changing it.
      Left(
        oauthTokenAuthorizationFailed(
          List("No oauth access token in request"),
          400
        )
      )

    case Some(headerValue) =>
      // stripPrefix is case-sensitive and leaves the value untouched when the prefix is
      // missing, so a value using another scheme reaches the validator unchanged.
      // Rejecting such values is left entirely to the validator.
      val bearerToken = AccessToken(headerValue.stripPrefix("Bearer "))

      oktaLocalValidator
        .parsedClaimsFromAccessToken(bearerToken, List(identityAccessScope))
        .left
        .map { failure =>
          // NOTE(review): the validator's message is forwarded as-is; verify it never
          // echoes token material if this error is returned to clients or logged.
          oauthTokenAuthorizationFailed(
            List(failure.message),
            failure.suggestedHttpResponseCode
          )
        }
        .map(claims => User(claims.identityId))
  }