From 4f042121ae86b3057bab0bda76fb7578d7428346 Mon Sep 17 00:00:00 2001 From: Geoff Greer Date: Fri, 22 May 2026 15:19:37 -0700 Subject: [PATCH 1/2] Return GRPC codes.InvalidArgument if JWK is invalid. --- pkg/crypto/providers/jwk/jwk.go | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/pkg/crypto/providers/jwk/jwk.go b/pkg/crypto/providers/jwk/jwk.go index c39a73afc..e4820fe33 100644 --- a/pkg/crypto/providers/jwk/jwk.go +++ b/pkg/crypto/providers/jwk/jwk.go @@ -15,6 +15,8 @@ import ( "filippo.io/age" "github.com/go-jose/go-jose/v4" + "google.golang.org/grpc/codes" + "google.golang.org/grpc/status" v2 "github.com/conductorone/baton-sdk/pb/c1/connector/v2" ) @@ -30,7 +32,7 @@ func unmarshalJWK(jwkBytes []byte) (*jose.JSONWebKey, error) { jwk := &jose.JSONWebKey{} err := jwk.UnmarshalJSON(jwkBytes) if err != nil { - return nil, fmt.Errorf("jwk: failed to unmarshal jwk: %w", err) + return nil, status.Errorf(codes.InvalidArgument, "jwk: failed to unmarshal jwk: %v", err) } return jwk, nil } From f2f4af32a79fb0bedb4a988ad567935d4094925f Mon Sep 17 00:00:00 2001 From: Geoff Greer Date: Sun, 24 May 2026 06:41:52 -0700 Subject: [PATCH 2/2] Add test for unmarshalJWK --- pkg/crypto/providers/jwk/jwk_test.go | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/pkg/crypto/providers/jwk/jwk_test.go b/pkg/crypto/providers/jwk/jwk_test.go index d387928d5..e08c81c77 100644 --- a/pkg/crypto/providers/jwk/jwk_test.go +++ b/pkg/crypto/providers/jwk/jwk_test.go @@ -12,8 +12,16 @@ import ( v2 "github.com/conductorone/baton-sdk/pb/c1/connector/v2" "github.com/go-jose/go-jose/v4" "github.com/stretchr/testify/require" + "google.golang.org/grpc/codes" + "google.golang.org/grpc/status" ) +func TestUnmarshalJWK_InvalidArgument(t *testing.T) { + _, err := unmarshalJWK([]byte("not valid jwk json")) + require.Error(t, err) + require.Equal(t, codes.InvalidArgument, status.Code(err)) +} + func TestGenerateKey(t *testing.T) { provider := &JWKEncryptionProvider{} ctx := context.Background()