From 8967bc70c375b2a9c7cd07960774bd2d38748ddf Mon Sep 17 00:00:00 2001
From: Maximilian Csuk
Date: Wed, 13 Mar 2024 13:47:17 +0100
Subject: [PATCH] be more lenient with what a user token has to have
---
 backend/Omnikeeper.Base/Authz/HttpUser.cs | 40 +++++++++++++----------
 1 file changed, 23 insertions(+), 17 deletions(-)
diff --git a/backend/Omnikeeper.Base/Authz/HttpUser.cs b/backend/Omnikeeper.Base/Authz/HttpUser.cs
index 9e449145..6a144f2f 100644
--- a/backend/Omnikeeper.Base/Authz/HttpUser.cs
+++ b/backend/Omnikeeper.Base/Authz/HttpUser.cs
@@ -103,29 +103,35 @@ public static HttpUser CreateHttpUserFromClaimsPrincipal(ClaimsPrincipal claimsP
 var guid = new Guid(guidString);
 // extract client roles
+ var clientRoles = new HashSet();
 var resourceAccessStr = claims.Where(c => c.Type == "resource_access").FirstOrDefault()?.Value;
 if (resourceAccessStr == null)
 {
- throw new Exception("Cannot parse roles in user token: key \"resource_access\" not found");
- }
- using var resourceAccess = JsonDocument.Parse(resourceAccessStr);
- if (resourceAccess == null)
- {
- throw new Exception("Cannot parse roles in user token: Cannot parse resource_access JSON value");
- }
- var resourceName = audience;
- var clientRoles = new HashSet();
- try
+ logger.LogDebug("Cannot parse roles in user token: key \"resource_access\" not found");
+ }
+ else
 {
- var claimRoles = resourceAccess.RootElement.GetProperty(resourceName).GetProperty("roles").EnumerateArray();
- clientRoles = claimRoles.Select(tt => tt.GetString()!).ToHashSet();
- }
- catch (Exception ex)
- {
- logger.LogWarning(ex, $"Cannot parse roles in user token for user {username}: key-path \"resource_access\"->\"{resourceName}\"->\"roles\" not found; either no roles assigned or token structure invalid");
+ using var resourceAccess = JsonDocument.Parse(resourceAccessStr);
+ if (resourceAccess == null)
+ {
+ logger.LogDebug("Cannot parse roles in user token: Cannot parse resource_access JSON value");
+ }
+ else
+ {
+ var resourceName = audience;
+ try
+ {
+ var claimRoles = resourceAccess.RootElement.GetProperty(resourceName).GetProperty("roles").EnumerateArray();
+ clientRoles = claimRoles.Select(tt => tt.GetString()!).ToHashSet();
+ }
+ catch (Exception ex)
+ {
+ logger.LogDebug(ex, $"Cannot parse roles in user token for user {username}: key-path \"resource_access\"->\"{resourceName}\"->\"roles\" not found; either no roles assigned or token structure invalid");
+ }
+ }
 }
- var usertype = UserType.Unknown;
+ var usertype = UserType.Unknown;
 if
(clientRoles.Contains("human")) usertype = UserType.Human; else if (clientRoles.Contains("robot"))