[management] Handle single-string JWT group claim from IdPs (#6014)

Bethuel Mmbaga
2026-04-28 14:48:28 +03:00
committed by GitHub
parent f8745723fc
commit 6f0eff3ba0
2 changed files with 17 additions and 2 deletions


@@ -146,7 +146,11 @@ func (c *ClaimsExtractor) ToGroups(token *jwt.Token, claimName string) []string
userJWTGroups := make([]string, 0)
if claim, ok := claims[claimName]; ok {
if claimGroups, ok := claim.([]interface{}); ok {
switch claimGroups := claim.(type) {
case string:
// Some IdPs emit a single group claim as a string instead of an array.
userJWTGroups = append(userJWTGroups, claimGroups)
case []any:
for _, g := range claimGroups {
if group, ok := g.(string); ok {
userJWTGroups = append(userJWTGroups, group)
@@ -154,9 +158,11 @@ func (c *ClaimsExtractor) ToGroups(token *jwt.Token, claimName string) []string
log.Debugf("JWT claim %q contains a non-string group (type: %T): %v", claimName, g, g)
}
}
default:
log.Debugf("JWT claim %q is not a string or string array (type: %T): %v", claimName, claim, claim)
}
} else {
log.Debugf("JWT claim %q is not a string array", claimName)
log.Debugf("JWT claim %q is missing", claimName)
}
return userJWTGroups
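Review bot: The new `case string:` branch appends the claim value unconditionally, so a token carrying an empty string in the group claim produces a group with an empty name in the returned slice. Because these names presumably feed group-based access decisions, I would guard the append with `if claimGroups != "" { userJWTGroups = append(userJWTGroups, claimGroups) }`; the `[]any` branch has the same gap for empty elements. The comment on that case should also say that a comma- or space-delimited string is deliberately kept as one group name and never split, e.g. `// A string claim is treated as exactly one group name; delimited lists are not split.` Separately, the `default:` branch logs the raw claim with `%v`, which copies token-supplied content of arbitrary size into the debug log; logging only `%T` would be enough to diagnose a misconfigured IdP. ToGroups starts above the first hunk, so how `claims` is obtained and whether callers reject empty names is not visible here.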