compliance-agent/src/api/auth_middleware.rs

@@ -62,8 +62,7 @@ pub async fn require_jwt_auth(request: Request, next: Next) -> Response {
 }
 
 async fn validate_token(token: &str, state: &JwksState) -> Result<(), String> {
-    let header =
+    let header = decode_header(token).map_err(|e| format!("failed to decode JWT header: {e}"))?;
-        decode_header(token).map_err(|e| format!("failed to decode JWT header: {e}"))?;
 
     let kid = header
         .kid
@@ -77,8 +76,8 @@ async fn validate_token(token: &str, state: &JwksState) -> Result<(), String> {
         .find(|k| k.common.key_id.as_deref() == Some(&kid))
         .ok_or_else(|| "no matching key found in JWKS".to_string())?;
 
-    let decoding_key = DecodingKey::from_jwk(jwk)
+    let decoding_key =
-        .map_err(|e| format!("failed to create decoding key: {e}"))?;
+        DecodingKey::from_jwk(jwk).map_err(|e| format!("failed to create decoding key: {e}"))?;
 
     let mut validation = Validation::new(header.alg);
     validation.validate_exp = true;

compliance-agent/src/api/server.rs

@@ -16,13 +16,10 @@ pub async fn start_api_server(agent: ComplianceAgent, port: u16) -> Result<(), A
         .layer(CorsLayer::permissive())
         .layer(TraceLayer::new_for_http());
 
-    if let (Some(kc_url), Some(kc_realm)) = (
+    if let (Some(kc_url), Some(kc_realm)) =
-        &agent.config.keycloak_url,
+        (&agent.config.keycloak_url, &agent.config.keycloak_realm)
-        &agent.config.keycloak_realm,
+    {
-    ) {
+        let jwks_url = format!("{kc_url}/realms/{kc_realm}/protocol/openid-connect/certs");
-        let jwks_url = format!(
-            "{kc_url}/realms/{kc_realm}/protocol/openid-connect/certs"
-        );
         let jwks_state = JwksState {
             jwks: Arc::new(RwLock::new(None)),
             jwks_url,