authorRobert Newson <rnewson@apache.org>2020-09-21 20:21:48 +0100
committerGitHub <noreply@github.com>2020-09-21 20:21:48 +0100
commitc2c282204978ecbf7034b8f89b7260f3a3e6116e (patch)
treecf90ec236fa6e31bfbf106d148adcff271d50673
parent44204af782ffac64e6e3e48e7cc68dd1a4659348 (diff)
feat(auth): Allow a custom JWT claim for roles (#3166)
Co-authored-by: mauroporras <mauroporrasc@gmail.com>
-rw-r--r--rel/overlay/etc/default.ini1
-rw-r--r--src/couch/src/couch_httpd_auth.erl2
2 files changed, 2 insertions, 1 deletions
diff --git a/rel/overlay/etc/default.ini b/rel/overlay/etc/default.ini
index 1a7a02108..f2bf12f54 100644
--- a/rel/overlay/etc/default.ini
+++ b/rel/overlay/etc/default.ini
@@ -148,6 +148,7 @@ max_db_number_for_dbs_info_req = 100
; can be the name of a claim like "exp" or a tuple if the claim requires
; a parameter
; required_claims = exp, {iss, "IssuerNameHere"}
+; roles_claim_name = https://example.com/roles
;
; [jwt_keys]
; Configure at least one key here if using the JWT auth handler.
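Review bot: The added `; roles_claim_name = https://example.com/roles` line has no description, unlike `required_claims` just above it, so an operator cannot tell from this file what the option controls. Going by the second hunk of this commit, the named claim is the sole source of the roles placed in the user context, and the default is `_couchdb.roles`. I would add a comment such as `; roles_claim_name is the JWT claim whose value becomes the user's CouchDB roles (default: _couchdb.roles). Use only a claim that the trusted issuer alone can set.` The example also shows a URL-style name rather than the default, which may differ from how other commented entries in this file are presented.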
diff --git a/src/couch/src/couch_httpd_auth.erl b/src/couch/src/couch_httpd_auth.erl
index 96d60a202..e81cf040e 100644
--- a/src/couch/src/couch_httpd_auth.erl
+++ b/src/couch/src/couch_httpd_auth.erl
@@ -198,7 +198,7 @@ jwt_authentication_handler(Req) ->
false -> throw({unauthorized, <<"Token missing sub claim.">>});
{_, User} -> Req#httpd{user_ctx=#user_ctx{
name = User,
- roles = couch_util:get_value(<<"_couchdb.roles">>, Claims, [])
+ roles = couch_util:get_value(?l2b(config:get("jwt_auth", "roles_claim_name", "_couchdb.roles")), Claims, [])
}}
end;
{error, Reason} ->
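Review bot: The value read from the configured claim on the added `roles = ...` line goes into `#user_ctx.roles` with no shape check, so a token whose roles claim is a string or object rather than a list of strings produces a malformed role set. This matters more now that the claim name is operator-chosen and may point at an identity provider's own claim format. Consider binding the value first and rejecting bad shapes, e.g. `Roles = couch_util:get_value(RolesClaim, Claims, []),` followed by `is_list(Roles) andalso lists:all(fun erlang:is_binary/1, Roles) orelse throw({unauthorized, <<"Malformed roles claim.">>}),`. Moving the `?l2b(config:get("jwt_auth", "roles_claim_name", "_couchdb.roles"))` lookup into a named variable would also shorten the overlong line. The body of jwt_authentication_handler starts and ends outside this hunk.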