Skip to main content

decode_bearer_token

Function decode_bearer_token 

Source
pub fn decode_bearer_token(
    headers: &HeaderMap,
    container: &FrozenDiContainer,
) -> Option<Arc<Map<String, Value>>>
Expand description

Extract and decode an access Bearer token from request headers.

Shared by all three request boundaries (HTTP macro routes, plugin routes, WebSocket handshake) so a security fix here applies everywhere at once.

Returns None when:

  • No JwtService is registered in the container.
  • The Authorization header is absent or not valid UTF-8.
  • The token is missing, expired, or has an invalid signature.
  • The token "type" claim is not "access" (i.e. refresh tokens are rejected).