feat(auth): Allow a custom JWT claim for roles
diff --git a/rel/overlay/etc/default.ini b/rel/overlay/etc/default.ini
index 057ed4c..f3f12ca 100644
--- a/rel/overlay/etc/default.ini
+++ b/rel/overlay/etc/default.ini
@@ -145,6 +145,7 @@
; can be the name of a claim like "exp" or a tuple if the claim requires
; a parameter
; required_claims = exp, {iss, "IssuerNameHere"}
+; roles_claim_name = https://example.com/roles
;
; [jwt_keys]
; Configure at least one key here if using the JWT auth handler.
diff --git a/src/couch/src/couch_httpd_auth.erl b/src/couch/src/couch_httpd_auth.erl
index 0d3add0..45a82bd 100644
--- a/src/couch/src/couch_httpd_auth.erl
+++ b/src/couch/src/couch_httpd_auth.erl
@@ -198,7 +198,7 @@
false -> throw({unauthorized, <<"Token missing sub claim.">>});
{_, User} -> Req#httpd{user_ctx=#user_ctx{
name = User,
- roles = couch_util:get_value(<<"_couchdb.roles">>, Claims, [])
+ roles = couch_util:get_value(?l2b(config:get("jwt_auth", "roles_claim_name", "_couchdb.roles")), Claims, [])
}}
end;
{error, Reason} ->