Add new extended list of JWT keys from OpenID group (#9087)

https://www.iana.org/assignments/jwt/jwt.xhtml#claims
master
kannappanr 5 years ago committed by GitHub
parent 9ad1c2d07d
commit 2f2c7d91a8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 75
      pkg/bucket/policy/condition/jwt.go
  2. 28
      pkg/bucket/policy/condition/key.go

@ -0,0 +1,75 @@
/*
* MinIO Cloud Storage, (C) 2020 MinIO, Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package condition
// JWT claims supported substitutions.
// https://www.iana.org/assignments/jwt/jwt.xhtml#claims
const (
// JWTSub - JWT subject claim substitution.
JWTSub Key = "jwt:sub"
// JWTIss issuer claim substitution.
JWTIss Key = "jwt:iss"
// JWTAud audience claim substitution.
JWTAud Key = "jwt:aud"
// JWTJti JWT unique identifier claim substitution.
JWTJti Key = "jwt:jti"
JWTName Key = "jwt:name"
JWTGivenName Key = "jwt:given_name"
JWTFamilyName Key = "jwt:family_name"
JWTMiddleName Key = "jwt:middle_name"
JWTNickName Key = "jwt:nickname"
JWTPrefUsername Key = "jwt:preferred_username"
JWTProfile Key = "jwt:profile"
JWTPicture Key = "jwt:picture"
JWTWebsite Key = "jwt:website"
JWTEmail Key = "jwt:email"
JWTGender Key = "jwt:gender"
JWTBirthdate Key = "jwt:birthdate"
JWTPhoneNumber Key = "jwt:phone_number"
JWTAddress Key = "jwt:address"
JWTScope Key = "jwt:scope"
JWTClientID Key = "jwt:client_id"
)
// JWTKeys - Supported JWT keys, non-exhaustive list please
// expand as new claims are standardized.
var JWTKeys = []Key{
JWTSub,
JWTIss,
JWTAud,
JWTJti,
JWTName,
JWTGivenName,
JWTFamilyName,
JWTMiddleName,
JWTNickName,
JWTPrefUsername,
JWTProfile,
JWTPicture,
JWTWebsite,
JWTEmail,
JWTGender,
JWTBirthdate,
JWTPhoneNumber,
JWTAddress,
JWTScope,
JWTClientID,
}

@ -85,22 +85,10 @@ const (
// AWSUsername - user friendly name, in MinIO this value is same as your user Access Key.
AWSUsername Key = "aws:username"
// JWTSub - JWT subject claim substitution.
JWTSub Key = "jwt:sub"
// JWTIss issuer claim substitution.
JWTIss Key = "jwt:iss"
// JWTAud audience claim substitution.
JWTAud Key = "jwt:aud"
// JWTJti JWT unique identifier claim substitution.
JWTJti Key = "jwt:jti"
)
// AllSupportedKeys - is list of all all supported keys.
var AllSupportedKeys = []Key{
var AllSupportedKeys = append([]Key{
S3XAmzCopySource,
S3XAmzServerSideEncryption,
S3XAmzServerSideEncryptionCustomerAlgorithm,
@ -119,15 +107,11 @@ var AllSupportedKeys = []Key{
AWSPrincipalType,
AWSUserID,
AWSUsername,
JWTSub,
JWTIss,
JWTAud,
JWTJti,
// Add new supported condition keys.
}
}, JWTKeys...)
// CommonKeys - is list of all common condition keys.
var CommonKeys = []Key{
var CommonKeys = append([]Key{
AWSReferer,
AWSSourceIP,
AWSUserAgent,
@ -137,11 +121,7 @@ var CommonKeys = []Key{
AWSPrincipalType,
AWSUserID,
AWSUsername,
JWTSub,
JWTIss,
JWTAud,
JWTJti,
}
}, JWTKeys...)
func substFuncFromValues(values map[string][]string) func(string) string {
return func(v string) string {

Loading…
Cancel
Save