Search Options

Display Count
Sort
Preferred Language
Advanced Search

Results 1 - 10 of 54 for eclaims (0.07 seconds)

  2. github.com/minio/minio

    cmd/jwt.go 

    		// Check if the access key is part of users credentials.
		u, ok := globalIAMSys.GetUser(req.Context(), claims.AccessKey)
		if !ok {
			return nil, nil, false, errInvalidAccessKeyID
		}
		ucred := u.Credentials
		// get embedded claims
		eclaims, s3Err := checkClaimsFromToken(req, ucred)
		if s3Err != ErrNone {
			return nil, nil, false, errAuthentication
		}

		maps.Copy(claims.MapClaims, eclaims)
    Created: Sun Dec 28 19:28:13 GMT 2025
    - Last Modified: Fri Aug 29 02:39:48 GMT 2025
    - 4.5K bytes
    - Click Count (0)
  3. github.com/minio/minio

    internal/config/identity/openid/jwt.go 

    	// and overwrite them with the claims from JWT.
	if ok && pCfg.ClaimUserinfo {
		if accessToken == "" {
			return errors.New("access_token is mandatory if user_info claim is enabled")
		}
		uclaims, err := pCfg.UserInfo(ctx, accessToken, r.transport)
		if err != nil {
			return err
		}
		for k, v := range uclaims {
			if _, ok := claims[k]; !ok { // only add to claims not update it.
				claims[k] = v
    Created: Sun Dec 28 19:28:13 GMT 2025
    - Last Modified: Fri Aug 29 02:39:48 GMT 2025
    - 8.4K bytes
    - Click Count (0)
  4. github.com/minio/minio

    cmd/sts-handlers.go 

    		writeSTSErrorResponse(ctx, w, ErrSTSInvalidParameterValue, err)
		return
	}

	claims[expClaim] = UTCNow().Add(expiryDur).Unix()
	claims[ldapUser] = ldapUserDN
	claims[ldapActualUser] = ldapActualUserDN
	claims[ldapUserN] = ldapUsername
	// Add lookup up LDAP attributes as claims.
	for attrib, value := range lookupResult.Attributes {
		claims[ldapAttribPrefix+attrib] = value
	}
	tokenRevokeType := r.Form.Get(stsRevokeTokenType)
    Created: Sun Dec 28 19:28:13 GMT 2025
    - Last Modified: Fri Aug 29 02:39:48 GMT 2025
    - 36.6K bytes
    - Click Count (0)
  5. github.com/minio/minio

    internal/jwt/parser_test.go 

    			var err error

			// Figure out correct claims type
			switch claims := data.claims.(type) {
			case *MapClaims:
				if data.tokenString == "" {
					data.tokenString = mapClaimsToken(claims)
				}
				err = ParseWithClaims(data.tokenString, &MapClaims{}, data.keyfunc)
			case *StandardClaims:
				if data.tokenString == "" {
					data.tokenString = standardClaimsToken(claims)
				}
    Created: Sun Dec 28 19:28:13 GMT 2025
    - Last Modified: Fri Aug 29 02:39:48 GMT 2025
    - 6K bytes
    - Click Count (0)
  6. github.com/minio/minio

    cmd/admin-handlers-idp-openid.go 

    		_, ok := accessKey.Claims[subClaim]
		if !ok {
			continue // OpenID access keys must have a sub claim
		}
		if (!listSTSKeys && !accessKey.IsServiceAccount()) || (!listServiceAccounts && accessKey.IsServiceAccount()) {
			continue // skip if not the type we want
		}
		arn, ok := accessKey.Claims[roleArnClaim].(string)
		if !ok {
			if _, ok := accessKey.Claims[iamPolicyClaimNameOpenID()]; !ok {
    Created: Sun Dec 28 19:28:13 GMT 2025
    - Last Modified: Sat Sep 06 17:38:46 GMT 2025
    - 7.6K bytes
    - Click Count (0)
  7. github.com/minio/minio

    internal/config/identity/openid/jwt_test.go 

    		{1574812326.000, "900", false},
		{time.Duration(3) * time.Minute, "900", false},
	}

	for _, testCase := range testCases {
		t.Run("", func(t *testing.T) {
			claims := map[string]any{}
			claims["exp"] = testCase.exp
			err := updateClaimsExpiry(testCase.dsecs, claims)
			if err != nil && !testCase.expectedFailure {
				t.Errorf("Expected success, got failure %s", err)
			}
			if err == nil && testCase.expectedFailure {
    Created: Sun Dec 28 19:28:13 GMT 2025
    - Last Modified: Fri Aug 29 02:39:48 GMT 2025
    - 8.2K bytes
    - Click Count (0)
  8. github.com/minio/minio

    cmd/bucket-policy.go 

    	// JWT specific values
	//
	// Add all string claims
	for k, v := range claims {
		vStr, ok := v.(string)
		if ok {
			// Trim any LDAP specific prefix
			args[strings.ToLower(strings.TrimPrefix(k, "ldap"))] = []string{vStr}
		}
	}

	// Add groups claim which could be a list. This will ensure that the claim
	// `jwt:groups` works.
	if grpsVal, ok := claims["groups"]; ok {
		if grpsIs, ok := grpsVal.([]any); ok {
    Created: Sun Dec 28 19:28:13 GMT 2025
    - Last Modified: Fri Aug 29 02:39:48 GMT 2025
    - 7.9K bytes
    - Click Count (0)
  9. github.com/minio/minio

    internal/auth/credentials.go 

    	return jwt.SignedString([]byte(tokenSecret))
}

// ExtractClaims extracts JWT claims from a security token using a secret key
func ExtractClaims(token, secretKey string) (*jwt.MapClaims, error) {
	if token == "" || secretKey == "" {
		return nil, errors.New("invalid argument")
	}

	claims := jwt.NewMapClaims()
	stsTokenCallback := func(claims *jwt.MapClaims) ([]byte, error) {
		return []byte(secretKey), nil
	}
    Created: Sun Dec 28 19:28:13 GMT 2025
    - Last Modified: Fri Aug 29 02:39:48 GMT 2025
    - 11.8K bytes
    - Click Count (0)
  10. github.com/minio/minio

    cmd/auth-handler.go 

    		return token
	}
	return r.Form.Get(xhttp.AmzSecurityToken)
}

// Fetch claims in the security token returned by the client, doesn't return
// errors - upon errors the returned claims map will be empty.
func mustGetClaimsFromToken(r *http.Request) map[string]any {
	claims, _ := getClaimsFromToken(getSessionToken(r))
	return claims
}

func getClaimsFromTokenWithSecret(token, secret string) (*xjwt.MapClaims, error) {
    Created: Sun Dec 28 19:28:13 GMT 2025
    - Last Modified: Fri Aug 29 02:39:48 GMT 2025
    - 25.4K bytes
    - Click Count (0)
  11. github.com/minio/minio

    internal/jwt/parser.go 

    		return jwtgo.ErrSignatureInvalid
	}
	borrow.ReturnAll()

	if claims.AccessKey == "" && claims.Subject == "" {
		return jwtgo.NewValidationError("accessKey/sub missing",
			jwtgo.ValidationErrorClaimsInvalid)
	}

	// Signature is valid, lets validate the claims for
	// other fields such as expiry etc.
	return claims.Valid()
}
    Created: Sun Dec 28 19:28:13 GMT 2025
    - Last Modified: Sun Sep 28 20:59:21 GMT 2025
    - 14.1K bytes
    - Click Count (0)
Back to Top