diff --git a/pom.xml b/pom.xml
index bbb3ede..dcad9ac 100644
--- a/pom.xml
+++ b/pom.xml
@@ -74,21 +74,6 @@
clearinghouse
1.2.1
-
- io.jsonwebtoken
- jjwt-api
- 0.12.3
-
-
- io.jsonwebtoken
- jjwt-impl
- 0.12.3
-
-
- io.jsonwebtoken
- jjwt-jackson
- 0.12.3
-
no.uio.ifi
tsd-file-api-client
diff --git a/src/main/java/no/elixir/fega/ltp/aspects/AAIAspect.java b/src/main/java/no/elixir/fega/ltp/aspects/AAIAspect.java
index 2a67e24..e06f739 100644
--- a/src/main/java/no/elixir/fega/ltp/aspects/AAIAspect.java
+++ b/src/main/java/no/elixir/fega/ltp/aspects/AAIAspect.java
@@ -78,10 +78,10 @@ public Object authenticateElixirAAI(ProceedingJoinPoint joinPoint) throws Throwa
String jwtToken = optionalBearerAuth.get().replace("Bearer ", "");
try {
var tokenArray = jwtToken.split("[.]");
- byte[] decodedHeader = Base64.getUrlDecoder().decode(tokenArray[0]);
- String decodedHeaderString = new String(decodedHeader);
+ byte[] decodedPayload = Base64.getUrlDecoder().decode(tokenArray[1]);
+ String decodedPayloadString = new String(decodedPayload);
Gson gson = new Gson();
- JsonObject claims = gson.fromJson(decodedHeaderString, JsonObject.class);
+ JsonObject claims = gson.fromJson(decodedPayloadString, JsonObject.class);
List controlledAccessGrantsVisas = getVisas(jwtToken, claims.keySet());
log.info("Elixir user {} authenticated and provided following valid GA4GH Visas: {}", claims.get(Claims.SUBJECT).getAsString(), controlledAccessGrantsVisas);
request.setAttribute(ELIXIR_ID, claims.get(Claims.SUBJECT).getAsString());