Skip to content

Commit

Permalink
Add support for roles to be obtained from JWTs. (#2694)
Browse files Browse the repository at this point in the history 
Add support for roles to be obtained from JWTs
  • Loading branch information
@atrauzzi
atrauzzi committed Mar 24, 2020
1 parent 5c52904 commit 1890168
Show file tree
Hide file tree
Showing 2 changed files with 4 additions and 2 deletions.
3 changes: 2 additions & 1 deletion src/couch/src/couch_httpd_auth.erl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -198,7 +198,8 @@ jwt_authentication_handler(Req) ->
case lists:keyfind(<<"sub">>, 1, Claims) of
false -> throw({unauthorized, <<"Token missing sub claim.">>});
{_, User} -> Req#httpd{user_ctx=#user_ctx{
name=User
name = User,
roles = couch_util:get_value(<<"roles">>, Claims, [])
}}
end;
{error, Reason} ->
Expand Down
3 changes: 2 additions & 1 deletion test/elixir/test/jwtauth_test.exs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -103,13 +103,14 @@ defmodule JwtAuthTest do
end

def test_fun(alg, key) do
{:ok, token} = :jwtf.encode({[{"alg", alg}, {"typ", "JWT"}]}, {[{"sub", "[email protected]"}]}, key)
{:ok, token} = :jwtf.encode({[{"alg", alg}, {"typ", "JWT"}]}, {[{"sub", "[email protected]"}, {"roles", ["testing"]}]}, key)

resp = Couch.get("/_session",
headers: [authorization: "Bearer #{token}"]
)

assert resp.body["userCtx"]["name"] == "[email protected]"
assert resp.body["userCtx"]["roles"] == ["testing"]
assert resp.body["info"]["authenticated"] == "jwt"
end

Expand Down

0 comments on commit 1890168

Please sign in to comment.