feat: allow to disable claim mirroring #3563
Codecov Report
@@ Coverage Diff @@
## master #3563 +/- ##
==========================================
+ Coverage 76.24% 76.34% +0.10%
==========================================
Files 132 132
Lines 9901 9888 -13
==========================================
Hits 7549 7549
+ Misses 1837 1824 -13
Partials 515 515
This looks very good already, thanks for the contribution!
I had only one remark, please see below.
oauth2/session.go
Outdated
} | ||
|
||
func NewSessionWithCustomClaims(subject string, allowedTopLevelClaims []string) *Session { | ||
func NewSessionWithCustomClaims(subject string, allowedTopLevelClaims []string, mirrorTopLevelClaims bool) *Session { |
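Review bot: The trailing `mirrorTopLevelClaims bool` on the new `NewSessionWithCustomClaims` signature is a bare positional flag, so call sites will read as an unexplained `true` or `false`, and every existing caller of this exported function has to change. Please add a doc comment stating what the flag controls and which value keeps the current behaviour, and consider carrying both settings in a single options value so the next toggle does not widen the signature again.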
Instead of passing each config option, we could pass the configuration provider here and read out the config values in the function body.
Thanks @hperl. The methods on the config provider require the context. So I've changed the signature to accept ctx first followed by the config provider.
LGTM, thank you for the contribution 🎉
This PR introduces another config option called `oauth2:mirror_top_level_claims` which may be used to disable the mirroring of custom claims into the `ext` claim of the JWT.

This new config option is an opt-in. If unused the behavior remains as-is to ensure backwards compatibility.
Example:
Related issue(s)
#3348
Checklist
introduces a new feature.
contributing code guidelines.
vulnerability. If this pull request addresses a security vulnerability, I
confirm that I got the approval (please contact
security@ory.sh) from the maintainers to push
the changes.
works.
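The effect of the option described above on the issued claim set, as an added Go sketch that is not Hydra's code and not part of this pull request. `buildClaims`, `encode`, the `reserved` set and the sample session values are hypothetical, and the sketch assumes that with mirroring off the `ext` claim is omitted entirely.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// reserved lists claims a custom claim must never overwrite (assumed set for this sketch).
var reserved = map[string]bool{"iss": true, "sub": true, "aud": true, "exp": true, "iat": true, "ext": true}

// buildClaims is a hypothetical stand-in for the token's claim assembly.
// extra holds the session's custom claims, allowed names the ones promoted to
// the top level, and mirror corresponds to oauth2:mirror_top_level_claims.
func buildClaims(subject string, extra map[string]interface{}, allowed []string, mirror bool) map[string]interface{} {
	claims := map[string]interface{}{"sub": subject}
	for _, name := range allowed {
		if reserved[name] {
			continue // a custom claim must not shadow a registered one
		}
		if v, ok := extra[name]; ok {
			claims[name] = v
		}
	}
	if mirror {
		// Behaviour when the option is unused: custom claims are also carried under "ext".
		claims["ext"] = extra
	}
	// Assumption of this sketch: with mirroring off, "ext" is left out.
	return claims
}

// encode returns the JSON form of a claim set (encoding/json sorts map keys).
func encode(c map[string]interface{}) string {
	b, _ := json.Marshal(c)
	return string(b)
}

func main() {
	// Constructed sample session data; "sub" in extra must not replace the real subject.
	extra := map[string]interface{}{"tenant": "acme", "sub": "other-user"}
	allowed := []string{"tenant", "sub"}
	fmt.Println(encode(buildClaims("user-1", extra, allowed, true)))
	fmt.Println(encode(buildClaims("user-1", extra, allowed, false)))
}
```

With mirroring on, `tenant` appears twice in the token (top level and under `ext`); with it off, consumers that still read `ext` must be updated before the option is enabled.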