commit ab93b155095643ab13f3779abc6c948fe273fe4b
author mauroporras <mauroporrasc@gmail.com> Thu May 28 08:53:25 2020 -0500
committer Robert Newson <rnewson@apache.org> Thu Jun 04 22:40:23 2020 +0100
tree 0ba284ec1a7d970fc585721d0586ed49b3353028
parent 0be139a8e20d1be0cf63e611159015b8bc6c6e1a

feat(auth): Allow a custom JWT claim for roles

rel/overlay/etc/default.ini

diff --git a/rel/overlay/etc/default.ini b/rel/overlay/etc/default.ini
index 057ed4c..f3f12ca 100644
--- a/rel/overlay/etc/default.ini
+++ b/rel/overlay/etc/default.ini
@@ -145,6 +145,7 @@
 ; can be the name of a claim like "exp" or a tuple if the claim requires
 ; a parameter
 ; required_claims = exp, {iss, "IssuerNameHere"}
+; roles_claim_name = https://example.com/roles
 ;
 ; [jwt_keys]
 ; Configure at least one key here if using the JWT auth handler.

src/couch/src/couch_httpd_auth.erl

diff --git a/src/couch/src/couch_httpd_auth.erl b/src/couch/src/couch_httpd_auth.erl
index 0d3add0..45a82bd 100644
--- a/src/couch/src/couch_httpd_auth.erl
+++ b/src/couch/src/couch_httpd_auth.erl
@@ -198,7 +198,7 @@
                         false -> throw({unauthorized, <<"Token missing sub claim.">>});
                         {_, User} -> Req#httpd{user_ctx=#user_ctx{
                             name = User,
-                            roles = couch_util:get_value(<<"_couchdb.roles">>, Claims, [])
+                            roles = couch_util:get_value(?l2b(config:get("jwt_auth", "roles_claim_name", "_couchdb.roles")), Claims, [])
                         }}
                     end;
                 {error, Reason} ->