JWT: only accepts tokens from the expected header or cookie

Nicola Murino
2021-02-02 13:11:47 +01:00
parent 4f609cfa30
commit f863530653
3 changed files with 74 additions and 45 deletions


@@ -39,7 +39,7 @@ func jwtAuthenticator(next http.Handler) http.Handler {
return
}
if !utils.IsStringInSlice(tokenAudienceAPI, token.Audience()) {
logger.Debug(logSender, "", "the token audience is not valid")
logger.Debug(logSender, "", "the token audience is not valid for API usage")
sendAPIResponse(w, r, nil, "Your token audience is not valid", http.StatusUnauthorized)
return
}
@@ -71,7 +71,7 @@ func jwtAuthenticatorWeb(next http.Handler) http.Handler {
return
}
if !utils.IsStringInSlice(tokenAudienceWeb, token.Audience()) {
logger.Debug(logSender, "", "the token audience is not valid")
logger.Debug(logSender, "", "the token audience is not valid for Web usage")
http.Redirect(w, r, webLoginPath, http.StatusFound)
return
}
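Review bot: The audience-mismatch path in both handlers is still logged only at debug level, with an empty second argument and nothing identifying the requester, so a token minted for the API being replayed against the web UI (or vice versa) leaves no usable trace in a production log. The reworded messages on the new lines say which audience failed, but not for whom or against which path; if `logger.Debug` takes format arguments as its name suggests, something like `logger.Debug(logSender, "", "the token audience is not valid for Web usage, remote address %q, path %q", r.RemoteAddr, r.URL.Path)` would make cross-audience token misuse detectable, and a higher level than debug is worth considering since this is an authentication failure rather than a trace event. The user-facing responses (`401` with a generic message, and the redirect to `webLoginPath`) rightly do not reveal the audience detail and should stay as they are. Both `jwtAuthenticator` and `jwtAuthenticatorWeb` start before their hunk and continue after it, so the surrounding token extraction the commit title refers to is not visible here.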