authenticationHandler static method

Future<AuthenticationInfo?> authenticationHandler(
  Session session,
  String jwtAccessToken
)

Looks up the AuthenticationInfo belonging to the jwtAccessToken.

If the session token looks like a JWT but is not valid, a debug-level log entry is written.

Returns null in any case where no valid authentication could be derived from the input.

Implementation

static Future<AuthenticationInfo?> authenticationHandler(
  final Session session,
  final String jwtAccessToken,
) async {
  try {
    final tokenData = _jwtUtil.verifyJwt(jwtAccessToken);

    return AuthenticationInfoFromJwt.fromJwtVerificationResult(tokenData);
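  } on JWTUndefinedException catch (_) {
    // Handled before the general JWTException case below; returns null
    // without writing a log entry.
    return null;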
  } on JWTException catch (e, stackTrace) {
    // All "known" JWT exceptions, e.g. expired, invalid signature, etc.
    session.log(
      'Invalid JWT access token',
      level: LogLevel.debug,
      exception: e,
      stackTrace: stackTrace,
    );

    return null;
  } catch (e) {
    // Any other error also fails closed: no authentication is derived.
    return null;
  }
}