Commit

added a config value accept_audience (#24)
Intended for use in cases where the audience param shall not be the host URL
Can be overwritten as before by the ENV
bellebaum authored Nov 5, 2021
1 parent b83ec8b commit cb6d5e5
Showing 3 changed files with 6 additions and 1 deletion.
3 changes: 3 additions & 0 deletions config/omejdn.yml
Expand Up @@ -14,6 +14,9 @@ app_env: debug
# Enable OpenID funtionality
openid: true

# Overwrite the aud claim value to accept in client's bearer tokens (defaults to host)
#accept_audience:

# Token singing keys and default values
token:
expiration: 3600
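Review bot: the comment above `#accept_audience:` documents the default but not the precedence. Per the omejdn.rb change in this commit, `ENV['OMEJDN_JWT_AUD_OVERRIDE']` wins over this key whenever it is set, so an operator who edits only the YAML may see no effect. State that in the comment, and consider putting a sample value after the commented-out key so it is clear what form the value takes.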
2 changes: 1 addition & 1 deletion lib/client.rb
Expand Up @@ -69,7 +69,7 @@ def self.find_by_jwt(jwt)

puts "Client #{jwt_cid} found"
# Try verify
aud = ENV['OMEJDN_JWT_AUD_OVERRIDE'] || Config.base_config['host']
aud = Config.base_config['accept_audience']
JWT.decode jwt, client.certificate&.public_key, true,
{ nbf_leeway: 30, aud: aud, verify_aud: true, algorithm: jwt_alg }
return client
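Review bot: `aud = Config.base_config['accept_audience']` has no fallback of its own, so audience verification in find_by_jwt now depends on adjust_config in omejdn.rb having populated the key. If this code is ever reached with a base_config that did not pass through adjust_config, aud is nil and that nil is handed to JWT.decode alongside `verify_aud: true`. Fail closed here instead, for example by raising when aud is nil or empty before decoding, so that a missing setting can never weaken the audience check.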
2 changes: 2 additions & 0 deletions omejdn.rb
Expand Up @@ -46,6 +46,8 @@ def adjust_config
base_config['bind_to'] = ENV['BIND_TO'] || base_config['bind_to'] || '0.0.0.0'
base_config['allow_origin'] = ENV['ALLOW_ORIGIN'] || base_config['allow_origin'] || '*'
base_config['app_env'] = ENV['APP_ENV'] || base_config['app_env'] || 'debug'
base_config['accept_audience'] =
ENV['OMEJDN_JWT_AUD_OVERRIDE'] || base_config['accept_audience'] || base_config['host']
Config.base_config = base_config
end
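Review bot: in the `||` chain assigned to `base_config['accept_audience']`, an empty string is truthy in Ruby, so `OMEJDN_JWT_AUD_OVERRIDE` set but empty, or `accept_audience: ''` in the YAML, becomes the expected audience instead of falling through to `base_config['host']`. Treat empty values as unset before applying the fallback. Minor: the other settings in this block read an environment variable named after the config key (BIND_TO, ALLOW_ORIGIN, APP_ENV), so a short comment noting that OMEJDN_JWT_AUD_OVERRIDE is the existing variable for accept_audience would help the next reader.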
