ConjureUndertowRuntime logs exceptions for non-Palantir JWTs #1833
Description
What happened?
ConjureUndertowRuntime configures a ConjureAuthorizationExtractor which optimistically calls UnverifiedJsonWebToken.tryParse to extract user information from an unverified token.
However, the Palantir auth-tokens project assumes Palantir's JWT format. Specifically, it tries to decode sub, sid and jti as base64-encoded UUIDs: https://github.com/palantir/auth-tokens/blob/bb668c6e99dd211799cbc4aa7602114b9d882368/auth-tokens/src/main/java/com/palantir/tokens/auth/UnverifiedJsonWebToken.java#L125-L128
When using Conjure with non-Palantir tokens, this fills the logs with parse exceptions (albeit not failing the request).
What did you want to happen?
The ConjureUndertowRuntime.Builder could allow the user to override the mechanism for extracting the userId, sessionId and tokenId from a BearerToken.
Happy to put up a PR.