Summary
JwtClaims methods in crates/bindings/src/lib.rs use bare .unwrap() and panic!() calls that will crash the module on malformed or unexpected JWT payloads, instead of returning errors gracefully.
Details
issuer() (line 1593) uses bare .unwrap() with no error context:
```rust
pub fn issuer(&self) -> &str {
    self.get_parsed().get("iss").unwrap().as_str().unwrap()
}
```
If the iss claim is missing or not a string, this panics with an opaque "called Option::unwrap() on a None value" message.
By contrast, subject() (line 1583) already uses .expect() with descriptive messages — issuer() should follow the same pattern at minimum.
extract_audience() (line 1603) explicitly panics on non-standard aud claim types:
```rust
_ => panic!("Unexpected type for 'aud' claim in JWT"),
```
Per RFC 7519 §4.1.3, the aud claim must be a string or array of strings, but panicking on unexpected input in an authentication path is fragile. A malformed token from a misbehaving client should not crash the module.
get_parsed() (line 1579) also uses .expect() on JSON parsing, which panics if the payload is not valid JSON.
Impact
These are called in authentication paths (e.g., identity() calls issuer() + subject()). A malformed JWT payload — whether from a bug, a protocol mismatch, or a malicious client — will panic and crash the module rather than producing a recoverable error.
Suggested Fix
- Change return types to Result<_, _> or Option<_> and propagate errors
- At minimum, replace bare .unwrap() in issuer() with .expect() messages matching the subject() style for consistency
- Consider returning an error variant for extract_audience() instead of panicking on unexpected types
Location
crates/bindings/src/lib.rs lines 1577–1605 (JwtClaims impl block)
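One way the suggested fix could look, as an added example that is not the project's code. `Claims`, `Value`, `ClaimError` and `identity_parts` are hypothetical names, and `Value` is a std-only stand-in for the parsed JSON payload so the sketch compiles without a JSON crate.

```rust
use std::collections::HashMap;

// Stand-in for the parsed JSON payload (assumption: std-only, no JSON crate).
#[derive(Debug)]
pub enum Value { Str(String), Arr(Vec<Value>), Num(i64) }
#[derive(Debug, PartialEq)]
pub enum ClaimError { Missing(&'static str), WrongType(&'static str) }

// Hypothetical type; not the project's JwtClaims.
pub struct Claims { parsed: HashMap<String, Value> }

impl Claims {
    pub fn new(pairs: Vec<(&str, Value)>) -> Self {
        Claims { parsed: pairs.into_iter().map(|(k, v)| (k.to_string(), v)).collect() }
    }
    // Shared lookup: a missing or non-string claim becomes an error, never a panic.
    fn str_claim(&self, name: &'static str) -> Result<&str, ClaimError> {
        match self.parsed.get(name) {
            None => Err(ClaimError::Missing(name)),
            Some(Value::Str(s)) => Ok(s.as_str()),
            Some(_) => Err(ClaimError::WrongType(name)),
        }
    }
    pub fn issuer(&self) -> Result<&str, ClaimError> { self.str_claim("iss") }
    pub fn subject(&self) -> Result<&str, ClaimError> { self.str_claim("sub") }

    // "aud": one string or an array of strings; absent gives an empty list (assumption).
    pub fn audience(&self) -> Result<Vec<&str>, ClaimError> {
        match self.parsed.get("aud") {
            None => Ok(Vec::new()),
            Some(Value::Str(s)) => Ok(vec![s.as_str()]),
            Some(Value::Arr(items)) => items.iter().map(|v| match v {
                Value::Str(s) => Ok(s.as_str()),
                _ => Err(ClaimError::WrongType("aud")),
            }).collect(),
            Some(_) => Err(ClaimError::WrongType("aud")),
        }
    }
    // Authentication-path caller: `?` propagates the error so the token is rejected.
    pub fn identity_parts(&self) -> Result<(&str, &str), ClaimError> {
        Ok((self.issuer()?, self.subject()?))
    }
}

fn main() {
    // Constructed payload with a non-string "iss".
    let c = Claims::new(vec![("iss", Value::Num(7)), ("sub", Value::Str("alice".into()))]);
    println!("{:?}", c.identity_parts()); // Err(WrongType("iss"))
}
```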