in app/auth/AuthorisedAction.scala [28:47]
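/** Authenticates a request from its bearer token and attaches the validated claims.
  *
  * The token is read from the request headers via `Helpers.fetchBearerTokenFromAuthHeader`
  * and passed to `oktaAuthService.validateAccessToken` together with `requiredScopes`.
  *
  * @param request the incoming request
  * @tparam A the request body type
  * @return `Right` holding the request paired with its claims when validation succeeds;
  *         otherwise `Left` holding the response to send: 401 when no bearer token could be
  *         extracted, the status suggested by the validation error when the token is
  *         rejected, and 500 for any other failure.
  */
protected def refine[A](request: Request[A]): Future[Either[Result, RequestWithClaims[A]]] = {
  Helpers.fetchBearerTokenFromAuthHeader(request.headers.get) match {
    // NOTE(review): the Left value is discarded here; if the helper also returns Left for a
    // present-but-malformed header, this message is inaccurate. Confirm against Helpers.
    case Left(_) =>
      Future.successful(Left(Unauthorized("Request has no Authorization header")))
    case Right(token) =>
      oktaAuthService
        .validateAccessToken(AccessToken(token), requiredScopes)
        .redeem(
          {
            case OktaValidationException(err: ValidationError) =>
              // The specific reason stays in the server log; the caller only gets a fixed
              // message. The token itself is not written to the log.
              logger.info(
                s"Token validation failed for request from ${origin(request)}: ${request.method} ${request.path}: ${err.message}"
              )
              Left(new Status(err.suggestedHttpResponseCode)("Access token validation failed."))
            case err =>
              // Unexpected failures can carry internal detail (hostnames, library internals)
              // in their message, so it is recorded server-side and not echoed to an
              // unauthenticated caller. Previously this failure was not logged at all.
              logger.error(
                s"Unexpected error validating token for request from ${origin(request)}: ${request.method} ${request.path}: ${err.getClass.getName}: ${err.getMessage}"
              )
              Left(InternalServerError("Internal server error"))
          },
          claims => Right(RequestWithClaims(claims, request))
        )
        .unsafeToFuture()
  }
}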