simplify JWKS decoding in OpenID and more tests (#10119)

add tests for non-compliant Azure AD behavior with "nonce" to fail properly and treat it as expected behavior for non-standard JWT tokens.
2025-11-25 12:06:10 -05:00 · 2020-07-25 08:42:41 -07:00
parent 416ec316bd
commit abbf6ce6cc
4 changed files with 94 additions and 52 deletions
--- a/cmd/config/identity/openid/jwt.go
+++ b/cmd/config/identity/openid/jwt.go
@@ -185,13 +185,7 @@ func (p *JWT) Validate(token, dsecs string) (map[string]interface{}, error) {
 	var claims jwtgo.MapClaims
 	jwtToken, err := jp.ParseWithClaims(token, &claims, keyFuncCallback)
 	if err != nil {
-		if err = p.PopulatePublicKey(); err != nil {
-			return nil, err
-		}
-		jwtToken, err = jwtgo.ParseWithClaims(token, &claims, keyFuncCallback)
-		if err != nil {
-			return nil, err
-		}
+		return nil, err
 	}

 	if !jwtToken.Valid {
@@ -203,7 +197,6 @@ func (p *JWT) Validate(token, dsecs string) (map[string]interface{}, error) {
 	}

 	return claims, nil
-
 }

 // ID returns the provider name and authentication type.