From daae3c48e399cdedd3af9befbf159a013e5ac7c4 Mon Sep 17 00:00:00 2001
From: Mohit Yadav <105265192+mohityadav766@users.noreply.github.com>
Date: Wed, 3 Apr 2024 16:12:42 +0530
Subject: [PATCH] - Do not validate bot domain (#15796)

---
 .../java/org/openmetadata/service/security/JwtFilter.java   | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/openmetadata-service/src/main/java/org/openmetadata/service/security/JwtFilter.java b/openmetadata-service/src/main/java/org/openmetadata/service/security/JwtFilter.java
index 62accf5d38d..71d060c0fce 100644
--- a/openmetadata-service/src/main/java/org/openmetadata/service/security/JwtFilter.java
+++ b/openmetadata-service/src/main/java/org/openmetadata/service/security/JwtFilter.java
@@ -218,8 +218,10 @@ public class JwtFilter implements ContainerRequestFilter {
       domain = StringUtils.EMPTY;
     }
 
-    // validate principal domain
-    if (enforcePrincipalDomain && !domain.equals(principalDomain)) {
+    // validate principal domain, for users
+    boolean isBot =
+        claims.containsKey(BOT_CLAIM) && Boolean.TRUE.equals(claims.get(BOT_CLAIM).asBoolean());
+    if (!isBot && (enforcePrincipalDomain && !domain.equals(principalDomain))) {
       throw new AuthenticationException(
           String.format(
               "Not Authorized! Email does not match the principal domain %s", principalDomain));