Improve jwtAuth error reporting

[shreyash24-tech]

Summary

Improved jwtAuth error reporting by exposing the actual InvalidJwtException message instead of returning a generic validation failure message.

Changes

• Added detailed logging for JWT validation failures
• Returned actual exception message using e.getMessage()
• Preserved existing response structure and status handling

Result

JWT-related issues such as expired tokens, malformed JWTs, or invalid signatures are now easier to debug.

Summary by CodeRabbit

Release Notes

• Bug Fixes
  • Improved JWT validation error messages to provide more specific diagnostic details when authentication fails, enabling faster troubleshooting.

[coderabbitai]

📝 Walkthrough

Walkthrough

JwtAuthInterceptor improves error handling by logging JWT validation failures and returning the actual exception message in error responses, restructures validation configuration for clarity, and reformats documentation without changing public behavior.

Changes

JWT Auth Interceptor Error Handling and Documentation Update

Layer / File(s)	Summary
Error handling for invalid JWT core/src/main/java/com/predic8/membrane/core/interceptor/jwt/JwtAuthInterceptor.java	InvalidJwtException handling now logs validation failures and sets ProblemDetails detail to the exception message instead of a constant. Null-JWT guard is rewritten with consistent formatting.
JWT validation and configuration core/src/main/java/com/predic8/membrane/core/interceptor/jwt/JwtAuthInterceptor.java	jwtRetriever lazy initialization, audience/tenant validator setup, and JWT claims property assignment are restructured and formatted for clarity.
Documentation and description formatting core/src/main/java/com/predic8/membrane/core/interceptor/jwt/JwtAuthInterceptor.java	Javadoc for expectedAud and expectedTid fields and HTML long description are reformatted across multiple lines without changing meaning.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Possibly related PRs

• membrane/api-gateway#1806: Both PRs modify JwtAuthInterceptor's handleRequest error-handling to populate ProblemDetails (including the InvalidJwtException path and the detail/message content), so the main PR's tweaks build directly on the retrieved PR's Problem JSON migration.

Suggested reviewers

• t-burch
• christiangoerdes

Poem

🐰 A JWT guide through the gateway so bright,
Now logs when the tokens don't quite align right,
With error details whispered plain,
And code laid out with formatted refrain,
The docs bloom fresh—no meaning lost in sight! ✨

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 14.29% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'Improve jwtAuth error reporting' directly aligns with the main changeset focus of enhancing JWT validation error handling and response details by replacing generic messages with actual exception messages and adding detailed logging.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[membrane-ci-server]

This pull request needs "/ok-to-test" from an authorized committer.

[coderabbitai]

🧹 Nitpick comments (1)

core/src/main/java/com/predic8/membrane/core/interceptor/jwt/JwtAuthInterceptor.java (1)

104-104: ⚡ Quick win

Simplify the logging statement to avoid redundancy.

The current logging statement includes both e.getMessage() as a parameter and the exception e itself. This causes the exception message to appear twice in the logs. The static analysis tool correctly identifies this as having too many arguments.

Consider using the standard pattern of logging the exception directly, which automatically includes the message and stack trace:

♻️ Simplified logging pattern

-            log.error("JWT validation failed: {}", e.getMessage(), e);
+            log.error("JWT validation failed", e);

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@core/src/main/java/com/predic8/membrane/core/interceptor/jwt/JwtAuthInterceptor.java`
at line 104, In JwtAuthInterceptor (the method that catches JWT validation
exceptions), simplify the log call by removing the explicit e.getMessage()
parameter and log the exception directly; replace the current log.error("JWT
validation failed: {}", e.getMessage(), e) with a single call that includes the
message and the throwable (e) so the logger prints both message and stack trace
without duplicating the exception text.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In
`@core/src/main/java/com/predic8/membrane/core/interceptor/jwt/JwtAuthInterceptor.java`:
- Line 104: In JwtAuthInterceptor (the method that catches JWT validation
exceptions), simplify the log call by removing the explicit e.getMessage()
parameter and log the exception directly; replace the current log.error("JWT
validation failed: {}", e.getMessage(), e) with a single call that includes the
message and the throwable (e) so the logger prints both message and stack trace
without duplicating the exception text.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: a353787b-f4a7-4b18-b38e-5b4bbf6d346c

📥 Commits

Reviewing files that changed from the base of the PR and between bc4a0e8 and 7851fd9.

📒 Files selected for processing (1)

• core/src/main/java/com/predic8/membrane/core/interceptor/jwt/JwtAuthInterceptor.java

[predic8]

Use level info. That wrong input is sent is normal operation. INFO is default log level, so it appears in the log.

[predic8]

@shreyash24-tech thanks for opening this PR. We'll review it shortly.

[predic8]

.detail("JWT validation failed: " +e.getMessage())