What happened?
ConjureUndertowRuntime configures a ConjureAuthorizationExtractor which optimistically calls UnverifiedJsonWebToken.tryParse to extract user information from an unverified token.
However, the Palantir auth-tokens project assumes Palantir's JWT format. Specifically, it tries to decode sub, sid and jti as base64-encoded UUIDs: https://github.com/palantir/auth-tokens/blob/bb668c6e99dd211799cbc4aa7602114b9d882368/auth-tokens/src/main/java/com/palantir/tokens/auth/UnverifiedJsonWebToken.java#L125-L128
When using Conjure with non-Palantir tokens, this fills the logs with parse exceptions (albeit not failing the request).
What did you want to happen?
The ConjureUndertowRuntime.Builder could allow the user to override the mechanism for extracting the userId, sessionId and tokenId from a BearerToken.
Happy to put up a PR.
What happened?
ConjureUndertowRuntimeconfigures aConjureAuthorizationExtractorwhich optimistically callsUnverifiedJsonWebToken.tryParseto extract user information from an unverified token.However, the Palantir auth-tokens project assumes Palantir's JWT format. Specifically, it tries to decode
sub,sidandjtias base64-encoded UUIDs: https://github.com/palantir/auth-tokens/blob/bb668c6e99dd211799cbc4aa7602114b9d882368/auth-tokens/src/main/java/com/palantir/tokens/auth/UnverifiedJsonWebToken.java#L125-L128When using Conjure with non-Palantir tokens, this fills the logs with parse exceptions (albeit not failing the request).
What did you want to happen?
The
ConjureUndertowRuntime.Buildercould allow the user to override the mechanism for extracting the userId, sessionId and tokenId from a BearerToken.Happy to put up a PR.