pkg/auth: check HTTP status from the server

Previously the reported failure was a nondescript strconv.ParseInt: parsing "": invalid syntax
author: Greg Steuck <gnezdo@google.com> 2021-07-30 11:54:08 -0700
committer: Dmitry Vyukov <dvyukov@google.com> 2021-08-06 13:14:19 +0200
commit: 00fc459663540df701f62355dc1871a583021aa7 (patch)
tree: 49a646104e3bdbfb447b8e4ea89c68d7ff0943d3 /pkg/auth/auth.go
parent: f9e341e30b4f3faa468a0b885775a4fbf7825016 (diff)
1 files changed, 4 insertions, 1 deletions
diff --git a/pkg/auth/auth.go b/pkg/auth/auth.go
index c662218ea..af8432a34 100644
--- a/pkg/auth/auth.go
+++ b/pkg/auth/auth.go
@@ -78,6 +78,9 @@ func (auth *Endpoint) queryTokenInfo(tokenValue string) (*jwtClaims, error) {
 		return nil, err
 	}
 	defer resp.Body.Close()
+	if resp.StatusCode != http.StatusOK {
+		return nil, fmt.Errorf("verification failed %v", resp.StatusCode)
+	}
 	body, err := ioutil.ReadAll(resp.Body)
 	if err != nil {
 		return nil, err
@@ -116,7 +119,7 @@ func (auth *Endpoint) DetermineAuthSubj(now time.Time, authHeader []string) (str
 		return "", err
 	}
 	if claims.Audience != DashboardAudience {
-		err := fmt.Errorf("unexpected audience %v %v", claims.Audience, claims)
+		err := fmt.Errorf("unexpected audience %v", claims.Audience)
 		return "", err
 	}
 	if claims.Expiration.Before(now) {
author	Greg Steuck <gnezdo@google.com>	2021-07-30 11:54:08 -0700
committer	Dmitry Vyukov <dvyukov@google.com>	2021-08-06 13:14:19 +0200
commit	00fc459663540df701f62355dc1871a583021aa7 (patch)
tree	49a646104e3bdbfb447b8e4ea89c68d7ff0943d3 /pkg/auth/auth.go
parent	f9e341e30b4f3faa468a0b885775a4fbf7825016 (diff)