provider_secureauth.go
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package jwtauth
import (
"context"
"fmt"
"strings"
"golang.org/x/oauth2"
)
// SecureAuthProvider carries the SecureAuth-specific provider behaviour.
// It has no fields; its methods are documented as satisfying the
// CustomProvider and GroupsFetcher interfaces.
type SecureAuthProvider struct{}
// Initialize satisfies the CustomProvider interface. SecureAuthProvider has
// no fields to set up, so both arguments are ignored and the result is
// always nil.
func (*SecureAuthProvider) Initialize(context.Context, *jwtConfig) error {
	return nil
}
// SensitiveKeys satisfies the CustomProvider interface. This provider
// declares no sensitive keys, so it returns an empty, non-nil slice.
func (a *SecureAuthProvider) SensitiveKeys() []string {
	return make([]string, 0)
}
// FetchGroups satisfies the GroupsFetcher interface with SecureAuth-specific
// handling of the groups claim.
//
// SecureAuth by default delivers groups as one comma separated string rather
// than a JSON list. When the claim named by role.GroupsClaim is a string it is
// split on "," and returned as a []interface{} of the pieces; a claim of any
// other type (including a missing one) is returned unchanged. The error
// result is always nil.
//
// NOTE(review): the pieces are returned exactly as split. Whitespace around a
// comma is kept, and an empty string claim produces a single empty group name.
// If these names are later matched against configured groups (presumably they
// are; confirm against the caller), verify the format the IdP actually emits.
func (a *SecureAuthProvider) FetchGroups(_ context.Context, b *jwtAuthBackend, allClaims map[string]interface{}, role *jwtRole, _ oauth2.TokenSource) (interface{}, error) {
	claim := getClaim(b.Logger(), allClaims, role.GroupsClaim)

	// The two-value assertion is false for a nil claim, so no separate nil
	// guard is needed before it.
	if csv, isString := claim.(string); isString {
		names := strings.Split(csv, ",")
		groups := make([]interface{}, len(names))
		for i, name := range names {
			groups[i] = name
		}
		claim = groups
	}

	// The claim value itself is written to the debug log.
	b.Logger().Debug(fmt.Sprintf("post: groups claim raw is %v", claim))
	return claim, nil
}