in kong/kong/plugins/oidc/handler.lua [195:268]
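--- Authenticate the current request and propagate identity to the upstream.
-- Two authentication paths are tried in order:
--   1. Bearer-token introspection, when `allow_token_auth` is set and an
--      `introspection_endpoint` is configured (the client's Authorization
--      header is stripped once introspection succeeds).
--   2. The OIDC session / redirect flow via make_oidc().
-- Optionally enforces claim-based authorization (authorize()) and then
-- injects user, access-token, ID-token and selected claim headers.
--
-- NOTE: declared as a global on purpose — presumably invoked as `handle(...)`
-- from OidcHandler:access elsewhere in this file; making it `local` here
-- would not be visible to a caller defined above it. Check the caller
-- before changing.
--
-- @param oidcConfig table plugin configuration (field names as used below)
-- @return nothing; utils.exit() terminates the request on authorization failure
function handle(oidcConfig)
  local response, userToken, accessToken, idToken

  -- Path 1: introspect a bearer token presented by an API client.
  if oidcConfig.allow_token_auth and oidcConfig.introspection_endpoint then
    userToken = introspect(oidcConfig)
    if userToken then
      -- `sub` is optional in an RFC 7662 introspection response. tostring()
      -- keeps a missing claim from turning this log line into a runtime
      -- error ("attempt to concatenate a nil value").
      ngx.log(ngx.DEBUG, "OidcHandler introspect succeeded, requested path: "
        .. ngx.var.request_uri .. " User ID: " .. tostring(userToken.sub))
      accessToken = utils.get_bearer_access_token()
      -- Drop the client's Authorization header; it is re-injected below in
      -- whichever form the configuration asks for.
      utils.removeAuthorizationHeader()
    end
  end

  -- Path 2: browser/session flow. make_oidc() is presumed to redirect or
  -- fail the request itself when no valid session exists — verify in make_oidc.
  if userToken == nil then
    response = make_oidc(oidcConfig)
    if response then
      userToken = response.user
      accessToken = response.access_token
      idToken = response.id_token
    end
  end

  -- Parse the access token as a JWT. An opaque (non-JWT) or malformed token
  -- leaves `jwt` nil; only the DEBUG log records why.
  local jwt, jwtErr
  if accessToken then
    jwt, jwtErr = jwt_decoder:new(accessToken)
    if jwtErr then
      ngx.log(ngx.DEBUG, "Failed to parse access token: " .. tostring(jwtErr))
    end
  end

  -- SECURITY NOTE(review): authorization is only enforced when the access
  -- token parsed as a JWT. With enable_authorization=true and an opaque or
  -- unparseable token, the request continues *without* authorization
  -- (fail-open). Behaviour is preserved here; if claim-based authorization
  -- is relied upon, consider rejecting the request in that case instead.
  if oidcConfig.enable_authorization and jwt then
    ngx.log(ngx.DEBUG, "Authorizing request: " .. ngx.var.request_uri)
    local ok, err = authorize(oidcConfig, jwt)
    if not ok then
      -- tostring() so a missing message cannot mask the failure with a Lua error.
      ngx.log(ngx.WARN, "Authorization failed: " .. tostring(err.message)
        .. " Request URI: " .. ngx.var.request_uri)
      utils.exit(err.status, "", err.status)
    end
  end

  -- Header injection for the upstream.
  -- NOTE(review): assumes utils.injectUser / injectAccessToken / injectUserAttr
  -- / injectIDToken *overwrite* any same-named header supplied by the client
  -- rather than append to it — confirm in utils, otherwise a client could
  -- smuggle its own identity headers past the gateway.
  if userToken then
    utils.injectUser(userToken, oidcConfig.user_header_name)
  end

  if accessToken then
    if oidcConfig.bearer_access_token == "yes" then
      utils.injectAccessToken("Bearer " .. accessToken, "Authorization")
    else
      utils.injectAccessToken(accessToken, oidcConfig.access_token_header_name)
    end

    -- Optionally copy one claim of the (JWT) access token into its own header.
    local claimHeader = oidcConfig.token_claim_header_name
    local claimName = oidcConfig.token_claim_header_value
    if claimHeader ~= nil and claimHeader ~= '' and claimName ~= nil and claimName ~= '' then
      if jwt and jwt.claims ~= nil then
        utils.injectUserAttr(jwt.claims, claimHeader, claimName)
      else
        ngx.log(ngx.WARN, "Can't inject '" .. claimHeader .. "' header with '"
          .. claimName .. "' claim value from access token as token is missing or invalid")
      end
    end
  end

  if idToken then
    utils.injectIDToken(idToken, oidcConfig.id_token_header_name)
  end
end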