Search Options

Results per page
Sort
Preferred Languages
Advance

Results 1 - 10 of 444 for Claims (0.1 sec)

  1. internal/config/identity/openid/jwt.go

    	// and overwrite them with the claims from JWT.
    	if ok && pCfg.ClaimUserinfo {
    		if accessToken == "" {
    			return errors.New("access_token is mandatory if user_info claim is enabled")
    		}
    		uclaims, err := pCfg.UserInfo(ctx, accessToken, r.transport)
    		if err != nil {
    			return err
    		}
    		for k, v := range uclaims {
    			if _, ok := claims[k]; !ok { // only add to claims not update it.
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Fri Sep 06 02:46:36 UTC 2024
    - 8.4K bytes
    - Viewed (0)
  2. cmd/jwt.go

    			return nil, nil, false, errNoAuthToken
    		}
    		return nil, nil, false, err
    	}
    	claims := xjwt.NewMapClaims()
    	if err := xjwt.ParseWithClaims(token, claims, func(claims *xjwt.MapClaims) ([]byte, error) {
    		if claims.AccessKey != globalActiveCred.AccessKey {
    			u, ok := globalIAMSys.GetUser(req.Context(), claims.AccessKey)
    			if !ok {
    				// Credentials will be invalid but for disabled
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Mon Jul 22 07:04:48 UTC 2024
    - 4.5K bytes
    - Viewed (0)
  3. cmd/sts-handlers.go

    	// metadata map
    	claims[expClaim] = UTCNow().Add(time.Duration(expiry) * time.Second).Unix()
    	claims[subClaim] = parentUser
    	claims[roleArnClaim] = roleArn.String()
    	claims[parentClaim] = parentUser
    
    	// Add all other claims from the plugin **without** replacing any
    	// existing claims.
    	for k, v := range res.Success.Claims {
    		if _, ok := claims[k]; !ok {
    			claims[k] = v
    		}
    	}
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Thu Aug 15 01:29:20 UTC 2024
    - 33.9K bytes
    - Viewed (0)
  4. cmd/auth-handler.go

    		return token
    	}
    	return r.Form.Get(xhttp.AmzSecurityToken)
    }
    
    // Fetch claims in the security token returned by the client, doesn't return
    // errors - upon errors the returned claims map will be empty.
    func mustGetClaimsFromToken(r *http.Request) map[string]interface{} {
    	claims, _ := getClaimsFromToken(getSessionToken(r))
    	return claims
    }
    
    func getClaimsFromTokenWithSecret(token, secret string) (*xjwt.MapClaims, error) {
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Tue Sep 17 16:45:46 UTC 2024
    - 26.1K bytes
    - Viewed (0)
  5. internal/config/identity/openid/jwt_test.go

    		{time.Duration(3) * time.Minute, "900", false},
    	}
    
    	for _, testCase := range testCases {
    		testCase := testCase
    		t.Run("", func(t *testing.T) {
    			claims := map[string]interface{}{}
    			claims["exp"] = testCase.exp
    			err := updateClaimsExpiry(testCase.dsecs, claims)
    			if err != nil && !testCase.expectedFailure {
    				t.Errorf("Expected success, got failure %s", err)
    			}
    			if err == nil && testCase.expectedFailure {
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Fri May 24 23:05:23 UTC 2024
    - 8.3K bytes
    - Viewed (0)
  6. cmd/admin-handlers-idp-ldap.go

    			writeErrorResponseJSON(ctx, w, APIErr, r.URL)
    			return
    		}
    
    		// In case of LDAP/OIDC we need to set `opts.claims` to ensure
    		// it is associated with the LDAP/OIDC user properly.
    		for k, v := range cred.Claims {
    			if k == expClaim {
    				continue
    			}
    			opts.claims[k] = v
    		}
    	} else {
    		// We still need to ensure that the target user is a valid LDAP user.
    		//
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Sat Sep 21 11:35:40 UTC 2024
    - 19.1K bytes
    - Viewed (0)
  7. internal/jwt/parser_test.go

    			var err error
    
    			// Figure out correct claims type
    			switch claims := data.claims.(type) {
    			case *MapClaims:
    				if data.tokenString == "" {
    					data.tokenString = mapClaimsToken(claims)
    				}
    				err = ParseWithClaims(data.tokenString, &MapClaims{}, data.keyfunc)
    			case *StandardClaims:
    				if data.tokenString == "" {
    					data.tokenString = standardClaimsToken(claims)
    				}
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Fri Nov 05 19:20:08 UTC 2021
    - 6K bytes
    - Viewed (0)
  8. internal/auth/credentials.go

    	return jwt.SignedString([]byte(tokenSecret))
    }
    
    // ExtractClaims extracts JWT claims from a security token using a secret key
    func ExtractClaims(token, secretKey string) (*jwt.MapClaims, error) {
    	if token == "" || secretKey == "" {
    		return nil, errors.New("invalid argument")
    	}
    
    	claims := jwt.NewMapClaims()
    	stsTokenCallback := func(claims *jwt.MapClaims) ([]byte, error) {
    		return []byte(secretKey), nil
    	}
    
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Tue May 28 17:14:16 UTC 2024
    - 12K bytes
    - Viewed (0)
  9. internal/jwt/parser.go

    		return jwtgo.ErrSignatureInvalid
    	}
    	borrow.ReturnAll()
    
    	if claims.AccessKey == "" && claims.Subject == "" {
    		return jwtgo.NewValidationError("accessKey/sub missing",
    			jwtgo.ValidationErrorClaimsInvalid)
    	}
    
    	// Signature is valid, lets validate the claims for
    	// other fields such as expiry etc.
    	return claims.Valid()
    }
    
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Tue Sep 17 16:45:46 UTC 2024
    - 14.1K bytes
    - Viewed (0)
  10. docs/sts/wso2.md

    **We recommend setting `policy` as a custom claim for the JWT service provider follow [here](https://docs.wso2.com/display/IS550/Configuring+Claims+for+a+Service+Provider) and [here](https://docs.wso2.com/display/IS550/Handling+Custom+Claims+with+the+JWT+Bearer+Grant+Type) for relevant docs on how to configure claims for a service provider.**
    
    ### 5. Setup MinIO with OpenID configuration URL
    
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Thu Sep 29 04:28:45 UTC 2022
    - 8.7K bytes
    - Viewed (0)
Back to top