knative · 7h3-3mp7y-m4n · Jul 17, 2024 · Jul 19, 2024 · rahulii · Jul 19, 2024
diff --git a/pkg/auth/token_verifier.go b/pkg/auth/token_verifier.go
@@ -179,3 +179,19 @@
 	SubjectTypes  []string `json:"subject_types_supported"`
 	SigningAlgs   []string `json:"id_token_signing_alg_values_supported"`
 }
+
+// Getting the OIDCIdentity
+func (c *OIDCTokenVerifier) GetOIDCIdentity(ctx context.Context, r *http.Request, audience string) (*IDToken, error) {
+	token := GetJWTFromHeader(r.Header)
+	if token == "" {
+		return nil, fmt.Errorf("no JWT token found in request")
+	}
+
+	// Verify the JWT token
+	oidcToken, err := c.VerifyJWT(ctx, token, audience)
+	if err != nil {
+		return nil, fmt.Errorf("failed to verify JWT: %v", err)
+	}
+
+	return oidcToken, nil
+}
diff --git a/pkg/channel/event_receiver.go b/pkg/channel/event_receiver.go
@@ -256,12 +256,13 @@ func (r *EventReceiver) ServeHTTP(response nethttp.ResponseWriter, request *neth
 	features := feature.FromContext(ctx)
 	if features.IsOIDCAuthentication() {
 		r.logger.Debug("OIDC authentication is enabled")
-		err = r.tokenVerifier.VerifyJWTFromRequest(ctx, request, &r.audience, response)
+		oidcToken, err := r.tokenVerifier.GetOIDCIdentity(ctx, request, r.audience)
 		if err != nil {
 			r.logger.Warn("Error when validating the JWT token in the request", zap.Error(err))
+			response.WriteHeader(nethttp.StatusUnauthorized)
 			return
 		}
-		r.logger.Debug("Request contained a valid JWT. Continuing...")
+		r.logger.Debug("Request contained a valid JWT. Continuing...", zap.String("subject", oidcToken.Subject))
 	}
 
 	err = r.receiverFunc(request.Context(), channel, *event, utils.PassThroughHeaders(request.Header))