Merge pull request #427 from IABTechLab/sch-UID2-5355-fix-jwt-token-validation

sophia-chen-ttd · web-flow · commit 95929e04aa9a · 2025-04-30T17:14:51.000+10:00
sch-UID2-5355 cleaning up logs for JWT validation
diff --git a/src/main/java/com/uid2/shared/attest/JwtService.java b/src/main/java/com/uid2/shared/attest/JwtService.java
@@ -60,6 +60,8 @@ public JwtValidationResponse validateJwt(String jwt, String audience, String iss
             throw new ValidationException(Optional.of("Unable to get public keys. Validation can not continue"));
         }
 
+        Exception lastException = null;
+
         for (PublicKey key : this.publicKeys) {
             var tokenVerifier = TokenVerifier.newBuilder()
                     .setPublicKey(key)
@@ -83,10 +85,14 @@ public JwtValidationResponse validateJwt(String jwt, String audience, String iss
                 // return the first verified response
                 return response;
             } catch (Exception e) {
-                LOGGER.error("Error validating JWT", e);
-                throw new ValidationException(Optional.ofNullable(e.getMessage()));
+                lastException = e;
             }
         }
+
+        if (!response.getIsValid()) {
+            throw new ValidationException(Optional.ofNullable(lastException.getMessage()), lastException);
+        }
+
         return response;
     }
 
diff --git a/src/main/java/com/uid2/shared/middleware/AttestationMiddleware.java b/src/main/java/com/uid2/shared/middleware/AttestationMiddleware.java
@@ -110,10 +110,10 @@ public void handle(RoutingContext rc) {
                 }
             }
 
-            if (!isJwtValid && this.enforceJwt) {
+            if (success && !isJwtValid && this.enforceJwt) {
                 LOGGER.info("JWT validation has failed.");
                 success = false;
-            } else if (!isJwtValid && !this.enforceJwt) {
+            } else if (success && !isJwtValid && !this.enforceJwt) {
                 LOGGER.info("JWT validation has failed, but JWTs are not being enforced.");
             }
 

Original file line number	Diff line number	Diff line change
`@@ -60,6 +60,8 @@ public JwtValidationResponse validateJwt(String jwt, String audience, String iss`
`60`	`60`	`throw new ValidationException(Optional.of("Unable to get public keys. Validation can not continue"));`
`61`	`61`	`}`
`62`	`62`
	`63`	`+ Exception lastException = null;`
	`64`	`+`
`63`	`65`	`for (PublicKey key : this.publicKeys) {`
`64`	`66`	`var tokenVerifier = TokenVerifier.newBuilder()`
`65`	`67`	`.setPublicKey(key)`
`@@ -83,10 +85,14 @@ public JwtValidationResponse validateJwt(String jwt, String audience, String iss`
`83`	`85`	`// return the first verified response`
`84`	`86`	`return response;`
`85`	`87`	`} catch (Exception e) {`
`86`		`- LOGGER.error("Error validating JWT", e);`
`87`		`- throw new ValidationException(Optional.ofNullable(e.getMessage()));`
	`88`	`+ lastException = e;`
`88`	`89`	`}`
`89`	`90`	`}`
	`91`	`+`
	`92`	`+ if (!response.getIsValid()) {`
	`93`	`+ throw new ValidationException(Optional.ofNullable(lastException.getMessage()), lastException);`
	`94`	`+ }`
	`95`	`+`
`90`	`96`	`return response;`
`91`	`97`	`}`
`92`	`98`
Original file line number	Diff line number	Diff line change
`@@ -110,10 +110,10 @@ public void handle(RoutingContext rc) {`
`110`	`110`	`}`
`111`	`111`	`}`
`112`	`112`
`113`		`- if (!isJwtValid && this.enforceJwt) {`
	`113`	`+ if (success && !isJwtValid && this.enforceJwt) {`
`114`	`114`	`LOGGER.info("JWT validation has failed.");`
`115`	`115`	`success = false;`
`116`		`- } else if (!isJwtValid && !this.enforceJwt) {`
	`116`	`+ } else if (success && !isJwtValid && !this.enforceJwt) {`
`117`	`117`	`LOGGER.info("JWT validation has failed, but JWTs are not being enforced.");`
`118`	`118`	`}`
`119`	`119`