diff options
author | Robert Newson <rnewson@apache.org> | 2020-03-24 20:41:50 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-03-24 20:41:50 +0000 |
commit | 2b95500ac57d831ed4ac7abfc9250c739179b230 (patch) | |
tree | 846cf02990ba18f61203b0d15060e47549ba4b44 | |
parent | 1890168af11fec4dff6126991d29a4eedb793ca9 (diff) | |
parent | 3523c817c903a4fb033a19808d63514754b77194 (diff) | |
download | couchdb-2b95500ac57d831ed4ac7abfc9250c739179b230.tar.gz |
Merge pull request #2714 from atrauzzi/jwt-couchdb-specific-roles-claim
Make the JWT roles claim more CouchDB specific
-rw-r--r-- | src/couch/src/couch_httpd_auth.erl | 2 | ||||
-rw-r--r-- | test/elixir/test/jwtauth_test.exs | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/src/couch/src/couch_httpd_auth.erl b/src/couch/src/couch_httpd_auth.erl index 4ad205255..43fb4161c 100644 --- a/src/couch/src/couch_httpd_auth.erl +++ b/src/couch/src/couch_httpd_auth.erl @@ -199,7 +199,7 @@ jwt_authentication_handler(Req) -> false -> throw({unauthorized, <<"Token missing sub claim.">>}); {_, User} -> Req#httpd{user_ctx=#user_ctx{ name = User, - roles = couch_util:get_value(<<"roles">>, Claims, []) + roles = couch_util:get_value(<<"_couchdb.roles">>, Claims, []) }} end; {error, Reason} -> diff --git a/test/elixir/test/jwtauth_test.exs b/test/elixir/test/jwtauth_test.exs index dc3d27df4..de5b3e65d 100644 --- a/test/elixir/test/jwtauth_test.exs +++ b/test/elixir/test/jwtauth_test.exs @@ -103,7 +103,7 @@ defmodule JwtAuthTest do end def test_fun(alg, key) do - {:ok, token} = :jwtf.encode({[{"alg", alg}, {"typ", "JWT"}]}, {[{"sub", "couch@apache.org"}, {"roles", ["testing"]}]}, key) + {:ok, token} = :jwtf.encode({[{"alg", alg}, {"typ", "JWT"}]}, {[{"sub", "couch@apache.org"}, {"_couchdb.roles", ["testing"]}]}, key) resp = Couch.get("/_session", headers: [authorization: "Bearer #{token}"] |