verify signature when parsing refresh token

Signed-off-by: Kai Helbig <[email protected]>
TNG · May 31, 2023 · 5adb0ff · 5adb0ff
1 parent a4cf8b5
commit 5adb0ff
Showing 1 changed file with 1 addition and 5 deletions.
diff --git a/mock/src/main/java/com/tngtech/keycloakmock/impl/TokenGenerator.java b/mock/src/main/java/com/tngtech/keycloakmock/impl/TokenGenerator.java
@@ -2,9 +2,6 @@
 
 import com.tngtech.keycloakmock.api.TokenConfig;
 import com.tngtech.keycloakmock.impl.session.UserData;
-import io.jsonwebtoken.Claims;
-import io.jsonwebtoken.Header;
-import io.jsonwebtoken.Jwt;
 import io.jsonwebtoken.JwtBuilder;
 import io.jsonwebtoken.JwtParser;
 import io.jsonwebtoken.Jwts;
@@ -102,10 +99,9 @@ public String getToken(
         .compact();
   }
 
-  @SuppressWarnings("unchecked")
   public Map<String, Object> parseToken(String token) {
     JwtParser parser = Jwts.parserBuilder().setSigningKey(privateKey).build();
-    return ((Jwt<Header<?>, Claims>) parser.parse(token)).getBody();
+    return parser.parseClaimsJws(token).getBody();
   }
 
   private void setClaimIfPresent(