Merge pull request #3069 from nosnilmot/jwt-custom-jid-field
Add option for JWT field name containing JID
This commit is contained in:
commit
a202818037
@ -86,6 +86,7 @@ use_cache(_) ->
|
|||||||
%%%----------------------------------------------------------------------
|
%%%----------------------------------------------------------------------
|
||||||
check_jwt_token(User, Server, Token) ->
|
check_jwt_token(User, Server, Token) ->
|
||||||
JWK = ejabberd_option:jwt_key(Server),
|
JWK = ejabberd_option:jwt_key(Server),
|
||||||
|
JidField = ejabberd_option:jwt_jid_field(Server),
|
||||||
try jose_jwt:verify(JWK, Token) of
|
try jose_jwt:verify(JWK, Token) of
|
||||||
{true, {jose_jwt, Fields}, Signature} ->
|
{true, {jose_jwt, Fields}, Signature} ->
|
||||||
?DEBUG("jwt verify: ~p - ~p~n", [Fields, Signature]),
|
?DEBUG("jwt verify: ~p - ~p~n", [Fields, Signature]),
|
||||||
@ -97,7 +98,7 @@ check_jwt_token(User, Server, Token) ->
|
|||||||
Now = erlang:system_time(second),
|
Now = erlang:system_time(second),
|
||||||
if
|
if
|
||||||
Exp > Now ->
|
Exp > Now ->
|
||||||
case maps:find(<<"jid">>, Fields) of
|
case maps:find(JidField, Fields) of
|
||||||
error ->
|
error ->
|
||||||
false;
|
false;
|
||||||
{ok, SJID} ->
|
{ok, SJID} ->
|
||||||
@ -121,6 +122,3 @@ check_jwt_token(User, Server, Token) ->
|
|||||||
false
|
false
|
||||||
end.
|
end.
|
||||||
|
|
||||||
%% TODO: auth0 username is defined in 'jid' field, but we should
|
|
||||||
%% allow customizing the name of the field containing the username
|
|
||||||
%% to adapt to custom claims.
|
|
||||||
|
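Review bot: The `error -> false;` branch right after the new `case maps:find(JidField, Fields) of` rejects the token without any diagnostic, so a misconfigured `jwt_jid_field` (a typo, or a claim the identity provider does not actually emit) makes every JWT login fail in a way that is indistinguishable from a bad signature or an expired token. Since `?DEBUG` is already used a few lines above to dump the verified claims, I would log the missing claim name in that branch: `error -> ?DEBUG("JWT has no ~s claim", [JidField]), false;`. A one-line comment above `JidField = ejabberd_option:jwt_jid_field(Server),` would also help: `%% Name of the claim carrying the user's JID (configurable; default "jid", as used by auth0)`. The rest of check_jwt_token — what is done with SJID and the final `false` — lies outside this hunk, so I cannot confirm from here that the JID taken from the custom claim is still compared against User and Server; that comparison must hold regardless of which claim name is configured, and the deleted TODO suggests this was the original intent.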
@ -51,6 +51,7 @@
|
|||||||
-export([hosts/0]).
|
-export([hosts/0]).
|
||||||
-export([include_config_file/0, include_config_file/1]).
|
-export([include_config_file/0, include_config_file/1]).
|
||||||
-export([jwt_auth_only_rule/0, jwt_auth_only_rule/1]).
|
-export([jwt_auth_only_rule/0, jwt_auth_only_rule/1]).
|
||||||
|
-export([jwt_jid_field/0, jwt_jid_field/1]).
|
||||||
-export([jwt_key/0, jwt_key/1]).
|
-export([jwt_key/0, jwt_key/1]).
|
||||||
-export([language/0, language/1]).
|
-export([language/0, language/1]).
|
||||||
-export([ldap_backups/0, ldap_backups/1]).
|
-export([ldap_backups/0, ldap_backups/1]).
|
||||||
@ -431,6 +432,13 @@ jwt_auth_only_rule() ->
|
|||||||
jwt_auth_only_rule(Host) ->
|
jwt_auth_only_rule(Host) ->
|
||||||
ejabberd_config:get_option({jwt_auth_only_rule, Host}).
|
ejabberd_config:get_option({jwt_auth_only_rule, Host}).
|
||||||
|
|
||||||
|
-spec jwt_jid_field() -> binary().
|
||||||
|
jwt_jid_field() ->
|
||||||
|
jwt_jid_field(global).
|
||||||
|
-spec jwt_jid_field(global | binary()) -> binary().
|
||||||
|
jwt_jid_field(Host) ->
|
||||||
|
ejabberd_config:get_option({jwt_jid_field, Host}).
|
||||||
|
|
||||||
-spec jwt_key() -> jose_jwk:key() | 'undefined'.
|
-spec jwt_key() -> jose_jwk:key() | 'undefined'.
|
||||||
jwt_key() ->
|
jwt_key() ->
|
||||||
jwt_key(global).
|
jwt_key(global).
|
||||||
|
@ -425,6 +425,8 @@ opt_type(jwt_key) ->
|
|||||||
econf:fail({read_file, Reason, Path})
|
econf:fail({read_file, Reason, Path})
|
||||||
end
|
end
|
||||||
end);
|
end);
|
||||||
|
opt_type(jwt_jid_field) ->
|
||||||
|
econf:binary();
|
||||||
opt_type(jwt_auth_only_rule) ->
|
opt_type(jwt_auth_only_rule) ->
|
||||||
econf:atom().
|
econf:atom().
|
||||||
|
|
||||||
@ -653,6 +655,7 @@ options() ->
|
|||||||
{websocket_ping_interval, timer:seconds(60)},
|
{websocket_ping_interval, timer:seconds(60)},
|
||||||
{websocket_timeout, timer:minutes(5)},
|
{websocket_timeout, timer:minutes(5)},
|
||||||
{jwt_key, undefined},
|
{jwt_key, undefined},
|
||||||
|
{jwt_jid_field, <<"jid">>},
|
||||||
{jwt_auth_only_rule, none}].
|
{jwt_auth_only_rule, none}].
|
||||||
|
|
||||||
-spec globals() -> [atom()].
|
-spec globals() -> [atom()].
|
||||||
|
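Review bot: `opt_type(jwt_jid_field) -> econf:binary();` accepts an empty binary, and a `maps:find(<<>>, Fields)` lookup in the auth module would then fail for every token, so the option should be rejected at config-load time rather than failing silently at login time — `econf:non_empty(econf:binary())` if this version of econf provides that combinator (the validator list is not visible in this diff). The default `{jwt_jid_field, <<"jid">>}` keeps existing deployments unchanged, which is the right choice. The new option also needs an entry in the options documentation next to `jwt_key` and `jwt_auth_only_rule`, stating that the named claim is expected to hold the user's JID (presumably parsed and matched against the authenticating user, outside this hunk); that documentation is not part of this diff.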