Merge pull request #52 from aka4rKO/main-int

Changed order of validation to avoid server error
wso2 · Dec 3, 2024 · 9505e97 · 9505e97
2 parents 1d17f36 + 3b00b02
commit 9505e97
Showing 1 changed file with 7 additions and 1 deletion.
diff --git a/.../wso2/openbanking/cds/identity/authenticator/CDSBasePrivateKeyJWTClientAuthenticator.java b/.../wso2/openbanking/cds/identity/authenticator/CDSBasePrivateKeyJWTClientAuthenticator.java
@@ -88,8 +88,14 @@ public boolean authenticateClient(HttpServletRequest httpServletRequest, Map<Str
                                       OAuthClientAuthnContext oAuthClientAuthnContext)
             throws OAuthClientAuthnException {
 
+        // Checks if assertion is valid before validating the client id against the subject claim
+        boolean isValidAssertion = jwtValidator.isValidAssertion(getSignedJWT(bodyParameters, oAuthClientAuthnContext));
+        if (!isValidAssertion) {
+            return false;
+        }
+
         validateClientIdAgainstSubClaim(httpServletRequest, bodyParameters, oAuthClientAuthnContext);
-        return jwtValidator.isValidAssertion(getSignedJWT(bodyParameters, oAuthClientAuthnContext));
+        return true;
     }
 
     /**