mirror of
https://github.com/rocky-linux/peridot.git
synced 2024-12-22 02:38:30 +00:00
Fix authentication for machine clients
New Hydra v2 doesn't return an empty sub, but rather nil. Using GetSub() should fix this so we can do an introspection and fill in userInfo.Sub
This commit is contained in:
parent
eddab71ce8
commit
b63cd8ff31
@ -92,7 +92,7 @@ func checkAuth(ctx context.Context, hydraSDK *client.APIClient, hydraAdmin *clie
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
return ctx, err
|
return ctx, err
|
||||||
}
|
}
|
||||||
if *userInfo.Sub == "" && hydraAdmin != nil {
|
if userInfo.GetSub() == "" && hydraAdmin != nil {
|
||||||
introspect, _, err := hydraAdmin.OAuth2API.IntrospectOAuth2Token(ctx).Token(authToken[1]).Execute()
|
introspect, _, err := hydraAdmin.OAuth2API.IntrospectOAuth2Token(ctx).Token(authToken[1]).Execute()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logrus.Errorf("error introspecting token: %s", err)
|
logrus.Errorf("error introspecting token: %s", err)
|
||||||
@ -104,7 +104,7 @@ func checkAuth(ctx context.Context, hydraSDK *client.APIClient, hydraAdmin *clie
|
|||||||
newEmail := fmt.Sprintf("%s@%s", *introspect.Sub, "serviceaccount.resf.org")
|
newEmail := fmt.Sprintf("%s@%s", *introspect.Sub, "serviceaccount.resf.org")
|
||||||
userInfo.Email = &newEmail
|
userInfo.Email = &newEmail
|
||||||
}
|
}
|
||||||
if *userInfo.Sub == "" {
|
if userInfo.GetSub() == "" {
|
||||||
return ctx, status.Errorf(codes.Unauthenticated, "invalid authorization token")
|
return ctx, status.Errorf(codes.Unauthenticated, "invalid authorization token")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user