package io.micronaut.security.oauth2.endpoint.token.response.validation;

import io.micronaut.context.annotation.Requires;
import io.micronaut.security.oauth2.client.OpenIdProviderMetadata;
import io.micronaut.security.oauth2.configuration.OauthClientConfiguration;
import io.micronaut.security.oauth2.endpoint.token.response.OpenIdClaims;
import jakarta.inject.Singleton;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Singleton
@Requires(property = "micronaut.security.oauth2.openid.claims-validation.authorized-party", notEquals = "false")
/* loaded from: input_file:io/micronaut/security/oauth2/endpoint/token/response/validation/AuthorizedPartyClaimValidator.class */
public class AuthorizedPartyClaimValidator implements OpenIdClaimsValidator {
    private static final Logger LOG = LoggerFactory.getLogger(AuthorizedPartyClaimValidator.class);

    @Override // io.micronaut.security.oauth2.endpoint.token.response.validation.OpenIdClaimsValidator
    public boolean validate(OpenIdClaims openIdClaims, OauthClientConfiguration oauthClientConfiguration, OpenIdProviderMetadata openIdProviderMetadata) {
        String authorizedParty = openIdClaims.getAuthorizedParty();
        if (authorizedParty == null) {
            return true;
        }
        boolean equals = authorizedParty.equals(oauthClientConfiguration.getClientId());
        if (!equals && LOG.isTraceEnabled()) {
            LOG.trace("JWT validation failed for provider [{}]. Authorized party claim does not match [{}]", oauthClientConfiguration.getName(), oauthClientConfiguration.getClientId());
        }
        return equals;
    }
}
