Fix authority calling wrong revoke method

2019-12-02 19:11:27 -05:00 · 2019-12-02 19:11:27 -05:00 · 9caadbb341
commit 9caadbb341
parent d2b1f1547f
2 changed files with 4 additions and 3 deletions
--- a/authority/authorize.go
+++ b/authority/authorize.go
@ -77,7 +77,7 @@ func (a *Authority) authorizeToken(ctx context.Context, ott string) (provisioner
 		if reuseKey, err := p.GetTokenID(ott); err == nil {
 			ok, err := a.db.UseToken(reuseKey, ott)
 			if err != nil {
-				return nil, &apiError{errors.Wrap(err, "authorizeToken: failed when checking if token already used"),
+				return nil, &apiError{errors.Wrap(err, "authorizeToken: failed when attempting to store token"),
 					http.StatusInternalServerError, errContext}
 			}
 			if !ok {
@ -163,7 +163,7 @@ func (a *Authority) authorizeRevoke(ctx context.Context, token string) error {
 	if err != nil {
 		return &apiError{errors.Wrap(err, "authorizeRevoke"), http.StatusUnauthorized, errContext}
 	}
-	if err = p.AuthorizeSSHRevoke(ctx, token); err != nil {
+	if err = p.AuthorizeRevoke(ctx, token); err != nil {
 		return &apiError{errors.Wrap(err, "authorizeRevoke"), http.StatusUnauthorized, errContext}
 	}
 	return nil
--- a/authority/provisioner/jwk.go
+++ b/authority/provisioner/jwk.go
@ -118,7 +118,8 @@ func (p *JWK) authorizeToken(token string, audiences []string) (*jwtPayload, err

 	// validate audiences with the defaults
 	if !matchesAudience(claims.Audience, audiences) {
-		return nil, errors.New("invalid token: invalid audience claim (aud)")
+		return nil, errors.Errorf("invalid token: invalid audience claim (aud); want %s, but got %s",
+			audiences, claims.Audience)
 	}

 	if claims.Subject == "" {