You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@couchdb.apache.org by GitBox <gi...@apache.org> on 2022/05/30 08:41:14 UTC

[GitHub] [couchdb] big-r81 commented on pull request #4041: Allow and evaluate nested json claim roles

big-r81 commented on PR #4041:
URL: https://github.com/apache/couchdb/pull/4041#issuecomment-1140873430

   I updated the PR with the following logic:
   
   We have now different code paths, how a list of couchdb roles can get into the system (inclusive backwards compatibility). 
   I want to explain it in detail:
   
   | roles_claim_name | roles_claim_path | _couchdb.roles in JWT token | used in CouchDB | log message |
   | ---  | --- | --- | --- | --- |
   | `undef`  | `undef` | `undef` | `---` | `---` |
   | `undef`  | `undef` | `def` | `_couchdb.roles` |  implicit values found and used, migrate to path |
   | `undef`  | `def` | `undef` | `roles_claim_path` | --- |
   | `undef`  | `def` | `def` | `_couchdb.roles` |  implicit values found and used, migrate to path |
   | `def`  | `undef` | `undef` | `roles_claim_name` | Use of 'roles_claim_name' is deprecated. Please migrate to 'roles_claim_path'! |
   | `def`  | `undef` | `def` | `roles_claim_name` | Use of 'roles_claim_name' is deprecated. Please migrate to 'roles_claim_path'! |
   | `def`  | `def` | `undef` | `roles_claim_name` | Both, 'roles_claim_name' and 'roles_claim_path' are set. For backwards compatibility, only `roles_claim_name`is used! |
   | `def`  | `def` | `def` | `roles_claim_name` | Both, 'roles_claim_name' and 'roles_claim_path' are set. For backwards compatibility, only `roles_claim_name`is used! |
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@couchdb.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org