Search Options

Results per page
Sort
Preferred Languages
Advance

Results 1 - 10 of 254 for Claims (0.09 sec)

  2. github.com/minio/minio

    internal/config/identity/openid/jwt.go 

    	// and overwrite them with the claims from JWT.
	if ok && pCfg.ClaimUserinfo {
		if accessToken == "" {
			return errors.New("access_token is mandatory if user_info claim is enabled")
		}
		uclaims, err := pCfg.UserInfo(ctx, accessToken, r.transport)
		if err != nil {
			return err
		}
		for k, v := range uclaims {
			if _, ok := claims[k]; !ok { // only add to claims not update it.
				claims[k] = v
    Registered: Sun Dec 28 19:28:13 UTC 2025
    - Last Modified: Fri Aug 29 02:39:48 UTC 2025
    - 8.4K bytes
    - Viewed (0)
  3. github.com/minio/minio

    cmd/jwt.go 

    		// Check if the access key is part of users credentials.
		u, ok := globalIAMSys.GetUser(req.Context(), claims.AccessKey)
		if !ok {
			return nil, nil, false, errInvalidAccessKeyID
		}
		ucred := u.Credentials
		// get embedded claims
		eclaims, s3Err := checkClaimsFromToken(req, ucred)
		if s3Err != ErrNone {
			return nil, nil, false, errAuthentication
		}

		maps.Copy(claims.MapClaims, eclaims)
    Registered: Sun Dec 28 19:28:13 UTC 2025
    - Last Modified: Fri Aug 29 02:39:48 UTC 2025
    - 4.5K bytes
    - Viewed (0)
  4. github.com/minio/minio

    cmd/sts-handlers.go 

    		writeSTSErrorResponse(ctx, w, ErrSTSInvalidParameterValue, err)
		return
	}

	claims[expClaim] = UTCNow().Add(expiryDur).Unix()
	claims[ldapUser] = ldapUserDN
	claims[ldapActualUser] = ldapActualUserDN
	claims[ldapUserN] = ldapUsername
	// Add lookup up LDAP attributes as claims.
	for attrib, value := range lookupResult.Attributes {
		claims[ldapAttribPrefix+attrib] = value
	}
	tokenRevokeType := r.Form.Get(stsRevokeTokenType)
    Registered: Sun Dec 28 19:28:13 UTC 2025
    - Last Modified: Fri Aug 29 02:39:48 UTC 2025
    - 36.6K bytes
    - Viewed (0)
  5. github.com/minio/minio

    cmd/auth-handler.go 

    		return token
	}
	return r.Form.Get(xhttp.AmzSecurityToken)
}

// Fetch claims in the security token returned by the client, doesn't return
// errors - upon errors the returned claims map will be empty.
func mustGetClaimsFromToken(r *http.Request) map[string]any {
	claims, _ := getClaimsFromToken(getSessionToken(r))
	return claims
}

func getClaimsFromTokenWithSecret(token, secret string) (*xjwt.MapClaims, error) {
    Registered: Sun Dec 28 19:28:13 UTC 2025
    - Last Modified: Fri Aug 29 02:39:48 UTC 2025
    - 25.4K bytes
    - Viewed (0)
  6. github.com/minio/minio

    cmd/admin-handlers-idp-ldap.go 

    			writeErrorResponseJSON(ctx, w, APIErr, r.URL)
			return
		}

		// In case of LDAP/OIDC we need to set `opts.claims` to ensure
		// it is associated with the LDAP/OIDC user properly.
		for k, v := range cred.Claims {
			if k == expClaim {
				continue
			}
			opts.claims[k] = v
		}
	} else {
		// We still need to ensure that the target user is a valid LDAP user.
		//
    Registered: Sun Dec 28 19:28:13 UTC 2025
    - Last Modified: Fri Aug 08 02:46:04 UTC 2025
    - 19.2K bytes
    - Viewed (0)
  7. github.com/minio/minio

    internal/auth/credentials.go 

    	return jwt.SignedString([]byte(tokenSecret))
}

// ExtractClaims extracts JWT claims from a security token using a secret key
func ExtractClaims(token, secretKey string) (*jwt.MapClaims, error) {
	if token == "" || secretKey == "" {
		return nil, errors.New("invalid argument")
	}

	claims := jwt.NewMapClaims()
	stsTokenCallback := func(claims *jwt.MapClaims) ([]byte, error) {
		return []byte(secretKey), nil
	}
    Registered: Sun Dec 28 19:28:13 UTC 2025
    - Last Modified: Fri Aug 29 02:39:48 UTC 2025
    - 11.8K bytes
    - Viewed (0)
  8. github.com/minio/minio

    internal/config/identity/openid/jwt_test.go 

    		{1574812326.000, "900", false},
		{time.Duration(3) * time.Minute, "900", false},
	}

	for _, testCase := range testCases {
		t.Run("", func(t *testing.T) {
			claims := map[string]any{}
			claims["exp"] = testCase.exp
			err := updateClaimsExpiry(testCase.dsecs, claims)
			if err != nil && !testCase.expectedFailure {
				t.Errorf("Expected success, got failure %s", err)
			}
			if err == nil && testCase.expectedFailure {
    Registered: Sun Dec 28 19:28:13 UTC 2025
    - Last Modified: Fri Aug 29 02:39:48 UTC 2025
    - 8.2K bytes
    - Viewed (0)
  9. github.com/minio/minio

    docs/sts/wso2.md 

    **We recommend setting `policy` as a custom claim for the JWT service provider follow [here](https://docs.wso2.com/display/IS550/Configuring+Claims+for+a+Service+Provider) and [here](https://docs.wso2.com/display/IS550/Handling+Custom+Claims+with+the+JWT+Bearer+Grant+Type) for relevant docs on how to configure claims for a service provider.**

### 5. Setup MinIO with OpenID configuration URL
    Registered: Sun Dec 28 19:28:13 UTC 2025
    - Last Modified: Tue Aug 12 18:20:36 UTC 2025
    - 8.7K bytes
    - Viewed (0)
  10. github.com/minio/minio

    internal/jwt/parser_test.go 

    			var err error

			// Figure out correct claims type
			switch claims := data.claims.(type) {
			case *MapClaims:
				if data.tokenString == "" {
					data.tokenString = mapClaimsToken(claims)
				}
				err = ParseWithClaims(data.tokenString, &MapClaims{}, data.keyfunc)
			case *StandardClaims:
				if data.tokenString == "" {
					data.tokenString = standardClaimsToken(claims)
				}
    Registered: Sun Dec 28 19:28:13 UTC 2025
    - Last Modified: Fri Aug 29 02:39:48 UTC 2025
    - 6K bytes
    - Viewed (0)
  11. github.com/minio/minio

    internal/jwt/parser.go 

    		return jwtgo.ErrSignatureInvalid
	}
	borrow.ReturnAll()

	if claims.AccessKey == "" && claims.Subject == "" {
		return jwtgo.NewValidationError("accessKey/sub missing",
			jwtgo.ValidationErrorClaimsInvalid)
	}

	// Signature is valid, lets validate the claims for
	// other fields such as expiry etc.
	return claims.Valid()
}
    Registered: Sun Dec 28 19:28:13 UTC 2025
    - Last Modified: Sun Sep 28 20:59:21 UTC 2025
    - 14.1K bytes
    - Viewed (0)
Back to top