Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Namespaces in JWT Claims #26185

Closed
agea opened this issue Jun 16, 2022 · 3 comments · Fixed by #26232
Closed

Namespaces in JWT Claims #26185

agea opened this issue Jun 16, 2022 · 3 comments · Fixed by #26232
Labels
area/oidc kind/bug Something isn't working
Milestone
2.10.1.Final

Comments

@agea
Copy link

agea commented Jun 16, 2022

Describe the bug

when using setting the property in this format:

quarkus.oidc.roles.role-claim-path="https://any.namespace/roles"

the slashes in the namespace are interpreted as path separator and if we have a claim like

{
  "https://any.namespace/roles":["admin"]
}

it's impossible to parse (btw this is a common pattern in Auth0 custom properties)

Expected behavior

There should be a way to specify the path AS IS

Actual behavior

We get an error (visible if enabling TRACE logs) like no claim found at path: https:

How to Reproduce?

  1. enable oidc authentication
  2. annotate a resource with @RolesAllowed("admin")
  3. set quarkus.oidc.roles.role-claim-path="https://any.namespace/roles" in application.properties
  4. call the annotated resource

Output of uname -a or ver

any

Output of java -version

any

GraalVM version (if different from Java)

No response

Quarkus version or git rev

2.9.2

Build tool (ie. output of mvnw --version or gradlew --version)

No response

Additional information

No response
@agea agea added the kind/bug Something isn't working label Jun 16, 2022
@sberyozkin
Copy link
Member

Hmm, I think a similar issue was resolved awhile back.

@quarkus-bot
Copy link

quarkus-bot bot commented Jun 16, 2022

/cc @pedroigor

@sberyozkin
Copy link
Member

sberyozkin commented Jun 16, 2022
edited
Loading

For example, see https://github.com/quarkusio/quarkus/blob/main/extensions/oidc/runtime/src/test/java/io/quarkus/oidc/runtime/OidcUtilsTest.java#L433 and https://github.com/quarkusio/quarkus/blob/main/extensions/oidc/runtime/src/test/resources/tokenCustomPath.json#L17.
It looks like " is lost or may be there is some extra space somewhere, @agea, can you double check please ?

@agea agea changed the title Namespaces in JTW Claims Namespaces in JWT Claims Jun 16, 2022
@sberyozkin sberyozkin mentioned this issue Jun 20, 2022
Merged
@quarkus-bot quarkus-bot bot added this to the 2.11 - main milestone Jun 20, 2022
@sberyozkin sberyozkin mentioned this issue Jun 21, 2022
Merged
@gsmet gsmet modified the milestones: 2.11 - main, 2.10.1.Final Jun 21, 2022
@willthames willthames mentioned this issue Mar 31, 2023
Draft
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/oidc kind/bug Something isn't working
Projects
None yet
Milestone
2.10.1.Final
Development

Successfully merging a pull request may close this issue.

Add a test confirming a role claim path with the namespace works sberyozkin/quarkus
3 participants
@sberyozkin @agea @gsmet