private void verifyJwtAccess(Map<String, List<String>> metadata, String expectedEmail,
URI expectedAudience, String expectedKeyId) throws IOException {
assertNotNull(metadata);
List<String> authorizations = metadata.get(AuthHttpConstants.AUTHORIZATION);
assertNotNull("Authorization headers not found", authorizations);
String assertion = null;
for (String authorization : authorizations) {
if (authorization.startsWith(JWT_ACCESS_PREFIX)) {
assertNull("Multiple bearer assertions found", assertion);
assertion = authorization.substring(JWT_ACCESS_PREFIX.length());
}
}
assertNotNull("Bearer assertion not found", assertion);
JsonWebSignature signature = JsonWebSignature.parse(JSON_FACTORY, assertion);
assertEquals(expectedEmail, signature.getPayload().getIssuer());
assertEquals(expectedEmail, signature.getPayload().getSubject());
assertEquals(expectedAudience.toString(), signature.getPayload().getAudience());
assertEquals(expectedKeyId, signature.getHeader().getKeyId());
}