|
|
|
@ -3,6 +3,7 @@ package authority
|
|
|
|
|
import (
|
|
|
|
|
"crypto/x509"
|
|
|
|
|
"net/http"
|
|
|
|
|
"strings"
|
|
|
|
|
"time"
|
|
|
|
|
|
|
|
|
|
"github.com/pkg/errors"
|
|
|
|
@ -55,7 +56,8 @@ func (a *Authority) Authorize(ott string) ([]provisioner.SignOption, error) {
|
|
|
|
|
// This method will also validate the audiences for JWK provisioners.
|
|
|
|
|
p, ok := a.provisioners.LoadByToken(token, &claims.Claims)
|
|
|
|
|
if !ok {
|
|
|
|
|
return nil, &apiError{errors.Errorf("authorize: provisioner not found or invalid audience %s", claims.Audience),
|
|
|
|
|
return nil, &apiError{
|
|
|
|
|
errors.Errorf("authorize: provisioner not found or invalid audience (%s)", strings.Join(claims.Audience, ", ")),
|
|
|
|
|
http.StatusUnauthorized, errContext}
|
|
|
|
|
}
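Review bot: The new message in `Authorize` formats the `claims.Audience` values with `%s`, and on this branch no provisioner matched, so those strings are whatever the presented token carried. The claims parsing is outside this hunk; if it happens before the token signature is verified, an unauthenticated caller controls the text that lands in the error and in any log that records it, including newlines or control characters. Quoting the joined value keeps each entry on one line: `errors.Errorf("authorize: provisioner not found or invalid audience (%q)", strings.Join(claims.Audience, ", ")),`. It is also worth confirming whether the `apiError` text is returned in the 401 body, because the audience list would then be echoed back to the caller.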
|
|
|
|
|
|
|
|
|
|