Posted to commits@couchdb.apache.org by rn...@apache.org on 2020/09/21 18:37:10 UTC

[couchdb] 01/01: feat(auth): Allow a custom JWT claim for roles

This is an automated email from the ASF dual-hosted git repository.

rnewson pushed a commit to branch custom-jwt-role-3.x
in repository https://gitbox.apache.org/repos/asf/couchdb.git

commit e9a51e7ccf67216276af3eae16485d2604d15ee2
Author: mauroporras <ma...@gmail.com>
AuthorDate: Thu May 28 08:53:25 2020 -0500

    feat(auth): Allow a custom JWT claim for roles
---
 rel/overlay/etc/default.ini        | 1 +
 src/couch/src/couch_httpd_auth.erl | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/rel/overlay/etc/default.ini b/rel/overlay/etc/default.ini
index 1a7a021..f2bf12f 100644
--- a/rel/overlay/etc/default.ini
+++ b/rel/overlay/etc/default.ini
@@ -148,6 +148,7 @@ max_db_number_for_dbs_info_req = 100
 ; can be the name of a claim like "exp" or a tuple if the claim requires
 ; a parameter
 ; required_claims = exp, {iss, "IssuerNameHere"}
+; roles_claim_name = https://example.com/roles
 ;
 ; [jwt_keys]
 ; Configure at least one key here if using the JWT auth handler.
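Review bot: The new `roles_claim_name` example on the added line is the only option in this block with no description of what it controls, while the neighbouring `required_claims` entry gets two lines of explanation. A reader cannot tell from the example whether the value is a claim name or a URL, nor what the built-in default is. I would precede the example with `; name of the claim whose value is used as the user's roles list; defaults to "_couchdb.roles"`, which also makes clear that a URI-shaped name such as the example is just a literal claim key.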
diff --git a/src/couch/src/couch_httpd_auth.erl b/src/couch/src/couch_httpd_auth.erl
index 96d60a2..e81cf04 100644
--- a/src/couch/src/couch_httpd_auth.erl
+++ b/src/couch/src/couch_httpd_auth.erl
@@ -198,7 +198,7 @@ jwt_authentication_handler(Req) ->
                         false -> throw({unauthorized, <<"Token missing sub claim.">>});
                         {_, User} -> Req#httpd{user_ctx=#user_ctx{
                             name = User,
-                            roles = couch_util:get_value(<<"_couchdb.roles">>, Claims, [])
+                            roles = couch_util:get_value(?l2b(config:get("jwt_auth", "roles_claim_name", "_couchdb.roles")), Claims, [])
                         }}
                     end;
                 {error, Reason} ->
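Review bot: The new `roles =` line takes whatever value sits under the configured claim and stores it straight into `#user_ctx.roles`; nothing in the hunk shows the value being checked to be a list, and elsewhere in CouchDB roles are expected to be a list of binaries, so a token carrying a string or object under that claim would (as far as this hunk shows) produce a malformed user context rather than a clean rejection. Now that the claim name is operator-configurable this is more likely to be hit by a misconfigured identity provider than it was with the fixed `_couchdb.roles` key. The line is also well over 100 columns and mixes the config lookup, the `?l2b` conversion and the claims lookup into one expression; extracting a small helper with a `-spec` keeps the handler readable and gives the validation a home. `jwt_authentication_handler/1` starts and ends outside this hunk.

```erlang
                        {_, User} -> Req#httpd{user_ctx=#user_ctx{
                            name = User,
                            roles = jwt_roles(Claims)
                        }}
%% … unchanged: rest of jwt_authentication_handler/1 …

%% Roles from the JWT, read from the claim named by [jwt_auth] roles_claim_name.
%% The claim is a trust boundary: accept only a list of binaries, reject anything else.
-spec jwt_roles([{binary(), term()}]) -> [binary()].
jwt_roles(Claims) ->
    ClaimName = ?l2b(config:get("jwt_auth", "roles_claim_name", "_couchdb.roles")),
    case couch_util:get_value(ClaimName, Claims, []) of
        Roles when is_list(Roles) ->
            case lists:all(fun is_binary/1, Roles) of
                true -> Roles;
                false -> throw({unauthorized, <<"Token roles claim must be a list of strings.">>})
            end;
        _ ->
            throw({unauthorized, <<"Token roles claim must be a list of strings.">>})
    end.
```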