From bc11f16e19dcb0b7df1bb84afda4993c93a38e62 Mon Sep 17 00:00:00 2001
From: Cosmin Tupangiu
Date: Wed, 11 Dec 2024 14:17:32 +0100
Subject: [PATCH] auth: Fix user claim name and remove client_id

The right claim for the username is _preffered_username_. Also, `client_id` is removed because we don't need it.

Signed-off-by: Cosmin Tupangiu
---
 internal/auth/rhsso_authenticator.go | 3 +--
 internal/auth/rhsso_authenticator_test.go | 6 +++---
 internal/auth/user.go | 1 -
 3 files changed, 4 insertions(+), 6 deletions(-)

diff --git a/internal/auth/rhsso_authenticator.go b/internal/auth/rhsso_authenticator.go
index 9416d08..0fbac3e 100644
--- a/internal/auth/rhsso_authenticator.go
+++ b/internal/auth/rhsso_authenticator.go
@@ -55,9 +55,8 @@ func (rh *RHSSOAuthenticator) parseToken(userToken *jwt.Token) (User, error) {
 }
 return User{
- Username: claims["username"].(string),
+ Username: claims["preffered_username"].(string),
 Organization: claims["org_id"].(string),
- ClientID: claims["client_id"].(string),
 }, nil
 }
diff --git a/internal/auth/rhsso_authenticator_test.go b/internal/auth/rhsso_authenticator_test.go
index d1045ef..845e5f4 100644
--- a/internal/auth/rhsso_authenticator_test.go
+++ b/internal/auth/rhsso_authenticator_test.go
@@ -95,7 +95,7 @@ func (h *handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 func generateValidToken() (string, func(t *jwt.Token) (any, error)) {
 type TokenClaims struct {
- Username string `json:"username"`
+ Username string `json:"preffered_username"`
 ClientID string `json:"client_id"`
 OrgID string `json:"org_id"`
 jwt.RegisteredClaims
@@ -132,7 +132,7 @@ func generateValidToken() (string, func(t *jwt.Token) (any, error)) {
 func generateInvalidValidToken(missingClaim string) (string, func(t *jwt.Token) (any, error)) {
 type TokenClaims struct {
- Username string `json:"username"`
+ Username string `json:"preffered_username"`
 ClientID string `json:"client_id"`
 OrgID string `json:"org_id"`
 jwt.RegisteredClaims
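Review bot: The new key in `parseToken`, `claims["preffered_username"]`, is spelled with a double f and a single r, whereas the standard OIDC claim is `preferred_username`; if the identity provider emits the standard name, this lookup yields nil. The unchecked assertion `.(string)` panics on a nil or non-string value, so unless validation earlier in the function (outside this hunk) rejects tokens lacking this exact key, such a token would crash the request path instead of producing an authentication error. I would read the claim as `name, ok := claims["preferred_username"].(string)` and return an error when `!ok`, and treat `org_id` the same way. The three fixture structs in rhsso_authenticator_test.go (hunks at -95, -132 and -176) carry the same spelling, so the tests pass whatever real tokens contain. OIDC also does not guarantee `preferred_username` to be unique or stable, so authorization decisions should not key on it alone.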
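Review bot: The fixtures `generateValidToken`, `generateInvalidValidToken` and `generateInvalidTokenWrongSigningMethod` (hunks at -95, -132 and -176) each redeclare an identical local `TokenClaims` struct, which is why the claim tag had to be edited three times. Hoisting it into one file-level type would keep the fixtures in step with a single edit. All three still declare the `ClientID` field with tag `json:"client_id"` although `User` no longer carries it; dropping the field, or adding a comment such as `// extra claim, ignored by parseToken`, would match the commit's stated intent. The function bodies continue outside these hunks.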
@@ -176,7 +176,7 @@ func generateInvalidValidToken(missingClaim string) (string, func(t *jwt.Token)
 func generateInvalidTokenWrongSigningMethod() (string, func(t *jwt.Token) (any, error)) {
 type TokenClaims struct {
- Username string `json:"username"`
+ Username string `json:"preffered_username"`
 ClientID string `json:"client_id"`
 OrgID string `json:"org_id"`
 jwt.RegisteredClaims
diff --git a/internal/auth/user.go b/internal/auth/user.go
index fe23603..edc0d41 100644
--- a/internal/auth/user.go
+++ b/internal/auth/user.go
@@ -23,5 +23,4 @@ func newContext(ctx context.Context, u User) context.Context {
 type User struct {
 Username string
 Organization string
- ClientID string
 }