Search Options

Display Count
Sort
Preferred Language
Advanced Search

Results 1 - 10 of 34 for Claims (0.04 seconds)

  2. github.com/minio/minio

    internal/config/identity/openid/jwt.go 

    	// and overwrite them with the claims from JWT.
	if ok && pCfg.ClaimUserinfo {
		if accessToken == "" {
			return errors.New("access_token is mandatory if user_info claim is enabled")
		}
		uclaims, err := pCfg.UserInfo(ctx, accessToken, r.transport)
		if err != nil {
			return err
		}
		for k, v := range uclaims {
			if _, ok := claims[k]; !ok { // only add to claims not update it.
				claims[k] = v
    Created: Sun Dec 28 19:28:13 GMT 2025
    - Last Modified: Fri Aug 29 02:39:48 GMT 2025
    - 8.4K bytes
    - Click Count (0)
  3. github.com/minio/minio

    cmd/jwt.go 

    		// Check if the access key is part of users credentials.
		u, ok := globalIAMSys.GetUser(req.Context(), claims.AccessKey)
		if !ok {
			return nil, nil, false, errInvalidAccessKeyID
		}
		ucred := u.Credentials
		// get embedded claims
		eclaims, s3Err := checkClaimsFromToken(req, ucred)
		if s3Err != ErrNone {
			return nil, nil, false, errAuthentication
		}

		maps.Copy(claims.MapClaims, eclaims)
    Created: Sun Dec 28 19:28:13 GMT 2025
    - Last Modified: Fri Aug 29 02:39:48 GMT 2025
    - 4.5K bytes
    - Click Count (0)
  4. github.com/minio/minio

    internal/jwt/parser_test.go 

    			var err error

			// Figure out correct claims type
			switch claims := data.claims.(type) {
			case *MapClaims:
				if data.tokenString == "" {
					data.tokenString = mapClaimsToken(claims)
				}
				err = ParseWithClaims(data.tokenString, &MapClaims{}, data.keyfunc)
			case *StandardClaims:
				if data.tokenString == "" {
					data.tokenString = standardClaimsToken(claims)
				}
    Created: Sun Dec 28 19:28:13 GMT 2025
    - Last Modified: Fri Aug 29 02:39:48 GMT 2025
    - 6K bytes
    - Click Count (0)
  5. github.com/minio/minio

    docs/sts/wso2.md 

    **We recommend setting `policy` as a custom claim for the JWT service provider follow [here](https://docs.wso2.com/display/IS550/Configuring+Claims+for+a+Service+Provider) and [here](https://docs.wso2.com/display/IS550/Handling+Custom+Claims+with+the+JWT+Bearer+Grant+Type) for relevant docs on how to configure claims for a service provider.**

### 5. Setup MinIO with OpenID configuration URL
    Created: Sun Dec 28 19:28:13 GMT 2025
    - Last Modified: Tue Aug 12 18:20:36 GMT 2025
    - 8.7K bytes
    - Click Count (0)
  6. github.com/minio/minio

    internal/config/identity/openid/jwt_test.go 

    		{1574812326.000, "900", false},
		{time.Duration(3) * time.Minute, "900", false},
	}

	for _, testCase := range testCases {
		t.Run("", func(t *testing.T) {
			claims := map[string]any{}
			claims["exp"] = testCase.exp
			err := updateClaimsExpiry(testCase.dsecs, claims)
			if err != nil && !testCase.expectedFailure {
				t.Errorf("Expected success, got failure %s", err)
			}
			if err == nil && testCase.expectedFailure {
    Created: Sun Dec 28 19:28:13 GMT 2025
    - Last Modified: Fri Aug 29 02:39:48 GMT 2025
    - 8.2K bytes
    - Click Count (0)
  7. github.com/minio/minio

    cmd/user-provider-utils.go 

    func guessUserProvider(credentials auth.Credentials) string {
	if !credentials.IsServiceAccount() && !credentials.IsTemp() {
		return madmin.BuiltinProvider // regular users are always internal
	}

	claims := credentials.Claims
	if _, ok := claims[ldapUser]; ok {
		return madmin.LDAPProvider // ldap users
	}

	if _, ok := claims[subClaim]; ok {
    Created: Sun Dec 28 19:28:13 GMT 2025
    - Last Modified: Fri Aug 29 02:39:48 GMT 2025
    - 4.1K bytes
    - Click Count (0)
  8. github.com/minio/minio

    cmd/bucket-policy.go 

    	// JWT specific values
	//
	// Add all string claims
	for k, v := range claims {
		vStr, ok := v.(string)
		if ok {
			// Trim any LDAP specific prefix
			args[strings.ToLower(strings.TrimPrefix(k, "ldap"))] = []string{vStr}
		}
	}

	// Add groups claim which could be a list. This will ensure that the claim
	// `jwt:groups` works.
	if grpsVal, ok := claims["groups"]; ok {
		if grpsIs, ok := grpsVal.([]any); ok {
    Created: Sun Dec 28 19:28:13 GMT 2025
    - Last Modified: Fri Aug 29 02:39:48 GMT 2025
    - 7.9K bytes
    - Click Count (0)
  9. github.com/minio/minio

    internal/config/identity/openid/providercfg.go 

    		return ""
	}
	return p.roleArn.String()
}

// UserInfo returns claims for authenticated user from userInfo endpoint.
//
// Some OIDC implementations such as GitLab do not support
// claims as part of the normal oauth2 flow, instead rely
// on service providers making calls to IDP to fetch additional
// claims available from the UserInfo endpoint
    Created: Sun Dec 28 19:28:13 GMT 2025
    - Last Modified: Fri Aug 29 02:39:48 GMT 2025
    - 4.7K bytes
    - Click Count (0)
  10. github.com/minio/minio

    cmd/admin-handlers-idp-openid.go 

    		_, ok := accessKey.Claims[subClaim]
		if !ok {
			continue // OpenID access keys must have a sub claim
		}
		if (!listSTSKeys && !accessKey.IsServiceAccount()) || (!listServiceAccounts && accessKey.IsServiceAccount()) {
			continue // skip if not the type we want
		}
		arn, ok := accessKey.Claims[roleArnClaim].(string)
		if !ok {
			if _, ok := accessKey.Claims[iamPolicyClaimNameOpenID()]; !ok {
    Created: Sun Dec 28 19:28:13 GMT 2025
    - Last Modified: Sat Sep 06 17:38:46 GMT 2025
    - 7.6K bytes
    - Click Count (0)
  11. github.com/minio/minio

    cmd/signature-v4-utils.go 

    				return cred, false, ErrAccessKeyDisabled
			}
			return cred, false, ErrInvalidAccessKeyID
		}
		cred = u.Credentials
	}

	claims, s3Err := checkClaimsFromToken(r, cred)
	if s3Err != ErrNone {
		return cred, false, s3Err
	}
	cred.Claims = claims

	owner := cred.AccessKey == globalActiveCred.AccessKey || (cred.ParentUser == globalActiveCred.AccessKey && cred.AccessKey != siteReplicatorSvcAcc)
    Created: Sun Dec 28 19:28:13 GMT 2025
    - Last Modified: Mon Nov 25 17:10:22 GMT 2024
    - 9.1K bytes
    - Click Count (0)
Back to Top