author | mauroporras <mauroporrasc@gmail.com> | 2020-05-28 08:53:25 -0500 |
---|---|---|
committer | Robert Newson <rnewson@apache.org> | 2020-06-04 22:40:23 +0100 |
commit | ab93b155095643ab13f3779abc6c948fe273fe4b (patch) | |
tree | 0ba284ec1a7d970fc585721d0586ed49b3353028 | |
parent | 0be139a8e20d1be0cf63e611159015b8bc6c6e1a (diff) | |
download | couchdb-ab93b155095643ab13f3779abc6c948fe273fe4b.tar.gz |
feat(auth): Allow a custom JWT claim for roles
-rw-r--r-- | rel/overlay/etc/default.ini | 1 | ||||
-rw-r--r-- | src/couch/src/couch_httpd_auth.erl | 2 |
2 files changed, 2 insertions, 1 deletions
diff --git a/rel/overlay/etc/default.ini b/rel/overlay/etc/default.ini
index 057ed4c1c..f3f12ca96 100644
--- a/rel/overlay/etc/default.ini
+++ b/rel/overlay/etc/default.ini
@@ -145,6 +145,7 @@ max_db_number_for_dbs_info_req = 100
 ; can be the name of a claim like "exp" or a tuple if the claim requires
 ; a parameter
 ; required_claims = exp, {iss, "IssuerNameHere"}
+; roles_claim_name = https://example.com/roles
 ;
 ; [jwt_keys]
 ; Configure at least one key here if using the JWT auth handler.
diff --git a/src/couch/src/couch_httpd_auth.erl b/src/couch/src/couch_httpd_auth.erl
index 0d3add0c8..45a82bd0f 100644
--- a/src/couch/src/couch_httpd_auth.erl
+++ b/src/couch/src/couch_httpd_auth.erl
@@ -198,7 +198,7 @@ jwt_authentication_handler(Req) ->
 false -> throw({unauthorized, <<"Token missing sub claim.">>});
 {_, User} -> Req#httpd{user_ctx=#user_ctx{
 name = User,
- roles = couch_util:get_value(<<"_couchdb.roles">>, Claims, [])
+ roles = couch_util:get_value(?l2b(config:get("jwt_auth", "roles_claim_name", "_couchdb.roles")), Claims, [])
 }}
 end;
 {error, Reason} -> |
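Review bot: The value of the configurable claim goes straight into `#user_ctx.roles` on the new `roles =` line with no check that it is a list of binaries. With the fixed `_couchdb.roles` name the issuer had to follow CouchDB's own convention, but once `roles_claim_name` can point at any identity-provider claim the value may be a single string, an object or a nested list, and it is passed on unchanged to whatever consumes the user context (those callers are outside the hunk). I would bind the lookup to a variable and reject anything that is not a flat list of strings, reusing the `{unauthorized, _}` throw already used for the missing `sub` claim. The `; roles_claim_name` example in default.ini should also say that the claim must be a JSON array of strings that only the token issuer can set, since its entries become the user's roles. The enclosing `jwt_authentication_handler/1` starts and ends outside the hunk.

```erlang
{_, User} ->
    RolesClaim = ?l2b(config:get("jwt_auth", "roles_claim_name", "_couchdb.roles")),
    Roles = couch_util:get_value(RolesClaim, Claims, []),
    case is_list(Roles) andalso lists:all(fun erlang:is_binary/1, Roles) of
        true ->
            Req#httpd{user_ctx=#user_ctx{name = User, roles = Roles}};
        false ->
            throw({unauthorized, <<"Token roles claim must be a list of strings.">>})
    end
%% … unchanged: end of the sub-claim case, {error, Reason} clause …
```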