yujunjun/OpenMetadata
1
0
Fork 0
mirror of https://github.com/open-metadata/OpenMetadata.git synced 2025-09-22 07:19:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix #3340: JWTFilter should accept a config to look up the email field in JWT token (#3341)

Browse Source
This commit is contained in:
Sriharsha Chintalapani 2022-03-11 15:03:11 -08:00 committed by GitHub
parent 7c84f063e6
commit 9a8d29b8ca
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
catalog-rest-service/src/main/java/org/openmetadata/catalog/security/AuthenticationConfiguration.java
View File

@ -22,6 +22,7 @@ public class AuthenticationConfiguration {
@Getter @Setter private String authority;
@Getter @Setter private String clientId;
@Getter @Setter private String callbackUrl;
@Getter @Setter private String jwtEmail = "email";
@Override
public String toString() {

6
catalog-rest-service/src/main/java/org/openmetadata/catalog/security/JwtFilter.java
View File

@ -40,12 +40,14 @@ public class JwtFilter implements ContainerRequestFilter {
public static final String AUTHORIZATION_HEADER = "Authorization";
public static final String TOKEN_PREFIX = "Bearer";
private String publicKeyUri;
private String jwtEmail;
@SuppressWarnings("unused")
private JwtFilter() {}
public JwtFilter(AuthenticationConfiguration authenticationConfiguration) {
this.publicKeyUri = authenticationConfiguration.getPublicKey();
this.jwtEmail = authenticationConfiguration.getJwtEmail();
}
@SneakyThrows
@ -79,7 +81,9 @@ public class JwtFilter implements ContainerRequestFilter {
throw new AuthenticationException("Invalid token");
}
String authorizedEmail;
if (jwt.getClaims().get("email") != null) {
if (jwt.getClaims().get(jwtEmail) != null) {
authorizedEmail = jwt.getClaim(jwtEmail).as(TextNode.class).asText();
} else if (jwt.getClaims().get("email") != null) {
authorizedEmail = jwt.getClaim("email").as(TextNode.class).asText();
} else if (jwt.getClaims().get("preferred_username") != null) {
authorizedEmail = jwt.getClaim("preferred_username").as(TextNode.class).asText();