From 265c20ee753f5d37c77f03118033598e63992112 Mon Sep 17 00:00:00 2001
From: Qynn Schwaab
Date: Tue, 29 Oct 2024 12:00:50 -0400
Subject: [PATCH] fix: return jwt claims as part of RequestState
---
 .../helpers/jwks/AuthenticateRequest.java | 5 ++--
 .../helpers/jwks/RequestState.java | 25 +++++++++++++++----
 .../helpers/jwks/AuthenticateRequestTest.java | 5 +++-
 3 files changed, 27 insertions(+), 8 deletions(-)
diff --git a/src/main/java/com/clerk/backend_api/helpers/jwks/AuthenticateRequest.java b/src/main/java/com/clerk/backend_api/helpers/jwks/AuthenticateRequest.java
index 321912b..7e5b1b6 100644
--- a/src/main/java/com/clerk/backend_api/helpers/jwks/AuthenticateRequest.java
+++ b/src/main/java/com/clerk/backend_api/helpers/jwks/AuthenticateRequest.java
@@ -1,5 +1,6 @@
 package com.clerk.backend_api.helpers.jwks;

+import io.jsonwebtoken.Claims;
 import java.net.HttpCookie;
 import java.net.http.HttpHeaders;
 import java.net.http.HttpRequest;
@@ -60,12 +61,12 @@ public static final RequestState authenticateRequest(HttpRequest request, Authen
 }
 try {
- VerifyToken.verifyToken(sessionToken, verifyTokenOptions);
+ Claims claims = VerifyToken.verifyToken(sessionToken, verifyTokenOptions);
+ return RequestState.signedIn(sessionToken, claims);
 } catch (TokenVerificationException e) {
 return RequestState.signedOut(e.reason());
 }
- return RequestState.signedIn(sessionToken);
 }
 /**
diff --git a/src/main/java/com/clerk/backend_api/helpers/jwks/RequestState.java b/src/main/java/com/clerk/backend_api/helpers/jwks/RequestState.java
index 8b3f667..1ece1dc 100644
--- a/src/main/java/com/clerk/backend_api/helpers/jwks/RequestState.java
+++ b/src/main/java/com/clerk/backend_api/helpers/jwks/RequestState.java
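Review bot: The signed-in state now carries the verified `Claims`, but nothing in the hunk updates the documentation of `authenticateRequest`, whose Javadoc and signature sit above this hunk and presumably still describe the return only as a signed-in/signed-out state. Add a sentence to that Javadoc such as `On success the returned state is signed in and exposes the verified token claims via {@code RequestState#claims()}; on a verification failure it is signed out with the failure reason.` The enclosing method starts outside the hunk.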
@@ -1,26 +1,30 @@
 package com.clerk.backend_api.helpers.jwks;
+import io.jsonwebtoken.Claims;
 import java.util.Optional;
 import com.clerk.backend_api.utils.Utils;
 /**
-* RequestState - Authentication State of the request.
-*/
+ * RequestState - Authentication State of the request.
+ */
 public final class RequestState {
 private final AuthStatus status;
 private final Optional authErrorReason;
 private final Optional tokenVerificationErrorReason;
 private final Optional token;
+ private final Optional claims;
 public RequestState(AuthStatus status,
 Optional authErrorReason,
 Optional tokenVerificationErrorReason,
- Optional token) {
+ Optional token,
+ Optional claims) {
 Utils.checkNotNull(status, "status");
 Utils.checkNotNull(authErrorReason, "authErrorReason");
 Utils.checkNotNull(tokenVerificationErrorReason, "tokenVerificationErrorReason");
 Utils.checkNotNull(token, "token");
+ Utils.checkNotNull(claims, "claims");
 if (authErrorReason.isPresent() && tokenVerificationErrorReason.isPresent()) {
 throw new IllegalArgumentException("Only one of authErrorReason or tokenVerificationErrorReason should be provided.");
@@ -30,16 +34,22 @@ public RequestState(AuthStatus status,
 this.authErrorReason = authErrorReason;
 this.tokenVerificationErrorReason = tokenVerificationErrorReason;
 this.token = token;
+ this.claims = claims;
 }

- public static RequestState signedIn(String token) {
- return new RequestState(AuthStatus.SIGNED_IN, Optional.empty(), Optional.empty(), Optional.of(token));
+ public static RequestState signedIn(String token, Claims claims) {
+ return new RequestState(AuthStatus.SIGNED_IN,
+ Optional.empty(),
+ Optional.empty(),
+ Optional.of(token),
+ Optional.of(claims));
 }

 public static RequestState signedOut(AuthErrorReason reason) {
 return new RequestState(AuthStatus.SIGNED_OUT,
 Optional.of(reason),
 Optional.empty(),
+ Optional.empty(),
 Optional.empty());
 }

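Review bot: The constructor's consistency check still covers only the two error reasons; with the new `claims` parameter a caller of this public constructor can build a `SIGNED_IN` state with empty claims, or a `SIGNED_OUT` state carrying claims, and consumers of `claims()` cannot tell such a state from a factory-built one. If the class is meant to guarantee claims whenever it is signed in, add after the existing check `if (status == AuthStatus.SIGNED_IN && claims.isEmpty()) { throw new IllegalArgumentException("claims must be provided when status is SIGNED_IN."); }`, unless the part of the constructor past this hunk already does so. The new field would also read better with a short comment, e.g. `// Verified claims of the session token; present only for a signed-in state.` The constructor body continues outside the hunk.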
@@ -47,6 +57,7 @@ public static RequestState signedOut(TokenVerificationErrorReason reason) {
 return new RequestState(AuthStatus.SIGNED_OUT,
 Optional.empty(),
 Optional.of(reason),
+ Optional.empty(),
 Optional.empty());
 }

@@ -77,4 +88,8 @@ public Optional reason() {
 public Optional token() {
 return token;
 }
+
+ public Optional claims() {
+ return claims;
+ }
 }
diff --git a/src/test/java/com/clerk/backend_api/helpers/jwks/AuthenticateRequestTest.java b/src/test/java/com/clerk/backend_api/helpers/jwks/AuthenticateRequestTest.java
index e0111d2..98d3237 100644
--- a/src/test/java/com/clerk/backend_api/helpers/jwks/AuthenticateRequestTest.java
+++ b/src/test/java/com/clerk/backend_api/helpers/jwks/AuthenticateRequestTest.java
@@ -59,15 +59,18 @@ private static void assertRequestState(RequestState state, String token) {
 if (state.isSignedIn()) {
 assertTrue(state.reason().isEmpty());
 assertEquals(token, state.token().get());
+ assertTrue(state.claims().isPresent());
+ assertTrue(state.claims().get().getSubject().contains("user_"));
+
 } else {
 assertTrue(state.isSignedOut());
 assertEquals(TokenVerificationErrorReason.TOKEN_EXPIRED, state.reason().get());
 assertTrue(state.token().isEmpty());
+ assertTrue(state.claims().isEmpty());
 System.out.println("WARNING: the provided session token is expired.");
 }
 }
-
- // @EnabledIfEnvironmentVariable(named = "CLERK_SECRET_KEY", matches = ".+")
 @Test
 public void testAuthenticateRequestNoSessionToken() throws URISyntaxException {
 AuthenticateRequestOptions arOptions = AuthenticateRequestOptions //
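Review bot: The new `claims()` accessor is undocumented, and it is the one place a caller learns when the Optional is populated and how the returned object may be used; unlike `token()` it hands out a third-party `Claims` map rather than a plain value. Add a Javadoc such as `/** Claims of the verified session token; present only when the request is signed in. The returned map is the parser's own instance and should be treated as read-only. */`. Whether the `Claims` produced by the verifier is actually immutable depends on the jjwt version in use, which this page does not show, so the read-only wording states a contract for callers rather than a guarantee.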
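Review bot: The added blank line before `} else {` separates the `if` branch from its `else` in a way nothing else in this method does and looks like a leftover rather than intent; drop it. The new subject assertion also unwraps with `get()` immediately after an `isPresent()` check, which reads more directly as `assertTrue(state.claims().orElseThrow().getSubject().contains("user_"));`. The enclosing `assertRequestState` starts just above the hunk.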