Merge pull request #7 from nulib/fix-jwt-auth-flow

If jwt is valid skip regular auth
nulib · Nov 18, 2024 · 443c2a9 · 443c2a9
2 parents 5a7abde + 91485e7
commit 443c2a9
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 3 deletions.
diff --git a/iiif-server/src/index.js b/iiif-server/src/index.js
@@ -90,6 +90,7 @@ async function viewerRequestIiif(request, { config }) {
   const cookie = getEventHeader(request, "cookie");
   const authSignature = getAuthSignature(request);
 
+  let jwtAuth = false;
   if (authSignature) {
     let jwtClaims;
     try {
@@ -105,7 +106,10 @@ async function viewerRequestIiif(request, { config }) {
 
     const jwtResult = await validateJwtClaims(jwtClaims, params, config);
 
-    if (!jwtResult.valid) {
+    if (jwtResult.valid) {
+      console.log("JWT claims verified");
+      jwtAuth = true;
+    } else {
       console.log(`Could not verify JWT claims: ${jwtResult.reason}`);
       return {
         status: "403",
@@ -115,7 +119,7 @@ async function viewerRequestIiif(request, { config }) {
     }
   }
 
-  const authed = await authorize(
+  const authed = jwtAuth || await authorize(
     params,
     referer,
     cookie,

diff --git a/iiif-server/template.yaml b/iiif-server/template.yaml
@@ -59,7 +59,7 @@ Resources:
       Handler: index.handler
       Architectures:
         - x86_64
-      Timeout: 3
+      Timeout: 5
       MemorySize: 128
       AutoPublishAlias: "Latest"
       AssumeRolePolicyDocument: