in app/auth/BearerTokenAuth.scala [136:159]
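/**
  * Parses a bearer token as a signed JWT and checks its signature against a configured verifier.
  *
  * Only the signature is checked in this method.
  * NOTE(review): expiry, issuer and audience checks are not visible here - confirm that a caller
  * enforces them before the claims are trusted.
  *
  * @param token the login result carrying the raw bearer token string in `content`
  * @return `Right` with the verified claims set; `Left(LoginResultInvalid)` if the token cannot be
  *         parsed, the signature does not verify, or verification throws;
  *         `Left(LoginResultMisconfigured)` if no verifier is available for the token's key ID.
  *         The `LoginResultInvalid` value carries the raw token, so callers should not log it.
  */
def validateToken(token:LoginResultOK[String]):Either[LoginResult,LoginResultOK[JWTClaimsSet]] = {
  // The raw token is a replayable credential, so it is deliberately kept out of the log output.
  logger.debug("validating bearer token")
  Try {
    SignedJWT.parse(token.content)
  } match {
    case Success(signedJWT) =>
      // The key ID is read from the token's own, not-yet-verified header; it is only used to
      // select one of the configured verifiers.
      getVerifier(Option(signedJWT.getHeader.getKeyID)) match {
        case Some(verifier) =>
          // verify() and getJWTClaimsSet can both throw. Catching here makes a malformed or
          // unsupported token fail closed as an invalid login instead of escaping as an exception.
          Try {
            if (signedJWT.verify(verifier)) Some(signedJWT.getJWTClaimsSet) else None
          } match {
            case Success(Some(claims)) =>
              logger.debug("verified JWT")
              // Claims may contain personal data; this is emitted at debug level only.
              logger.debug(s"${claims.toJSONObject}")
              Right(LoginResultOK(claims, false))
            case Success(None) =>
              Left(LoginResultInvalid(token.content))
            case Failure(err) =>
              logger.error(s"Failed to verify token signature: ${err.getMessage}")
              Left(LoginResultInvalid(token.content))
          }
        case None =>
          logger.error(s"No signing cert could be found. There are ${maybeVerifiers.map(_.getKeys.toArray.length).getOrElse(0)} configured keys from location '$signingCertPath'")
          Left(LoginResultMisconfigured("No signing cert configured"))
      }
    case Failure(err) =>
      // Log the parser's reason only, never the token itself.
      logger.error(s"Failed to parse bearer token: ${err.getMessage}")
      Left(LoginResultInvalid(token.content))
  }
}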