mirror of
https://github.com/rocky-linux/peridot.git
synced 2025-01-11 21:46:53 +00:00
Fix authentication for machine clients
New Hydra v2 doesn't return an empty sub, but rather nil. Using GetSub() should fix this so we can do an introspection and fill in userInfo.Sub
This commit is contained in:
parent
eddab71ce8
commit
b63cd8ff31
1 changed files with 2 additions and 2 deletions
|
@ -92,7 +92,7 @@ func checkAuth(ctx context.Context, hydraSDK *client.APIClient, hydraAdmin *clie
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return ctx, err
|
return ctx, err
|
||||||
}
|
}
|
||||||
if *userInfo.Sub == "" && hydraAdmin != nil {
|
if userInfo.GetSub() == "" && hydraAdmin != nil {
|
||||||
introspect, _, err := hydraAdmin.OAuth2API.IntrospectOAuth2Token(ctx).Token(authToken[1]).Execute()
|
introspect, _, err := hydraAdmin.OAuth2API.IntrospectOAuth2Token(ctx).Token(authToken[1]).Execute()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logrus.Errorf("error introspecting token: %s", err)
|
logrus.Errorf("error introspecting token: %s", err)
|
||||||
|
@ -104,7 +104,7 @@ func checkAuth(ctx context.Context, hydraSDK *client.APIClient, hydraAdmin *clie
|
||||||
newEmail := fmt.Sprintf("%s@%s", *introspect.Sub, "serviceaccount.resf.org")
|
newEmail := fmt.Sprintf("%s@%s", *introspect.Sub, "serviceaccount.resf.org")
|
||||||
userInfo.Email = &newEmail
|
userInfo.Email = &newEmail
|
||||||
}
|
}
|
||||||
if *userInfo.Sub == "" {
|
if userInfo.GetSub() == "" {
|
||||||
return ctx, status.Errorf(codes.Unauthenticated, "invalid authorization token")
|
return ctx, status.Errorf(codes.Unauthenticated, "invalid authorization token")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue