Add new extended list of JWT keys from OpenID group (#9087)
https://www.iana.org/assignments/jwt/jwt.xhtml#claims
parent
9ad1c2d07d
commit
2f2c7d91a8
75
pkg/bucket/policy/condition/jwt.go
Normal file
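--- a/pkg/bucket/policy/condition/jwt.go
+++ b/pkg/bucket/policy/condition/jwt.go
@@ -0,0 +1,75 @@
+/*
+* MinIO Cloud Storage, (C) 2020 MinIO, Inc.
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package condition
+
+// JWT claims supported substitutions.
+// https://www.iana.org/assignments/jwt/jwt.xhtml#claims
+const (
+// JWTSub - JWT subject claim substitution.
+JWTSub Key = "jwt:sub"
+
+// JWTIss issuer claim substitution.
+JWTIss Key = "jwt:iss"
+
+// JWTAud audience claim substitution.
+JWTAud Key = "jwt:aud"
+
+// JWTJti JWT unique identifier claim substitution.
+JWTJti Key = "jwt:jti"
+
+JWTName Key = "jwt:name"
+JWTGivenName Key = "jwt:given_name"
+JWTFamilyName Key = "jwt:family_name"
+JWTMiddleName Key = "jwt:middle_name"
+JWTNickName Key = "jwt:nickname"
+JWTPrefUsername Key = "jwt:preferred_username"
+JWTProfile Key = "jwt:profile"
+JWTPicture Key = "jwt:picture"
+JWTWebsite Key = "jwt:website"
+JWTEmail Key = "jwt:email"
+JWTGender Key = "jwt:gender"
+JWTBirthdate Key = "jwt:birthdate"
+JWTPhoneNumber Key = "jwt:phone_number"
+JWTAddress Key = "jwt:address"
+JWTScope Key = "jwt:scope"
+JWTClientID Key = "jwt:client_id"
+)
+
+// JWTKeys - Supported JWT keys, non-exhaustive list please
+// expand as new claims are standardized.
+var JWTKeys = []Key{
+JWTSub,
+JWTIss,
+JWTAud,
+JWTJti,
+JWTName,
+JWTGivenName,
+JWTFamilyName,
+JWTMiddleName,
+JWTNickName,
+JWTPrefUsername,
+JWTProfile,
+JWTPicture,
+JWTWebsite,
+JWTEmail,
+JWTGender,
+JWTBirthdate,
+JWTPhoneNumber,
+JWTAddress,
+JWTScope,
+JWTClientID,
+}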
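Review bot: The sixteen keys from `JWTName` through `JWTClientID` in the const block are added without doc comments, and nothing tells a policy author that most of these claims are neither unique nor verified. In OpenID Connect only `sub` scoped by `iss` is a stable identifier; `preferred_username`, `nickname`, `email` and the profile fields can often be edited by the end user at the provider, so a policy that substitutes them into a resource or condition can match another user's value. I would document each constant in the style of the first four and put the caveat where it matters, for example `// JWTPrefUsername - preferred_username claim substitution; not unique or stable, pair with jwt:sub and jwt:iss for access decisions.` and `// JWTEmail - email claim substitution; may be unverified unless the provider enforces it.`. `address` is a JSON object in the OIDC claim set, so how it is flattened into a string value for substitution deserves a comment too; that code is not visible in this section.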
@ -85,22 +85,10 @@ const (
|
||||
|
||||
// AWSUsername - user friendly name, in MinIO this value is same as your user Access Key.
|
||||
AWSUsername Key = "aws:username"
|
||||
|
||||
// JWTSub - JWT subject claim substitution.
|
||||
JWTSub Key = "jwt:sub"
|
||||
|
||||
// JWTIss issuer claim substitution.
|
||||
JWTIss Key = "jwt:iss"
|
||||
|
||||
// JWTAud audience claim substitution.
|
||||
JWTAud Key = "jwt:aud"
|
||||
|
||||
// JWTJti JWT unique identifier claim substitution.
|
||||
JWTJti Key = "jwt:jti"
|
||||
)
|
||||
|
||||
// AllSupportedKeys - is list of all all supported keys.
|
||||
var AllSupportedKeys = []Key{
|
||||
var AllSupportedKeys = append([]Key{
|
||||
S3XAmzCopySource,
|
||||
S3XAmzServerSideEncryption,
|
||||
S3XAmzServerSideEncryptionCustomerAlgorithm,
|
||||
@ -119,15 +107,11 @@ var AllSupportedKeys = []Key{
|
||||
AWSPrincipalType,
|
||||
AWSUserID,
|
||||
AWSUsername,
|
||||
JWTSub,
|
||||
JWTIss,
|
||||
JWTAud,
|
||||
JWTJti,
|
||||
// Add new supported condition keys.
|
||||
}
|
||||
}, JWTKeys...)
|
||||
|
||||
// CommonKeys - is list of all common condition keys.
|
||||
var CommonKeys = []Key{
|
||||
var CommonKeys = append([]Key{
|
||||
AWSReferer,
|
||||
AWSSourceIP,
|
||||
AWSUserAgent,
|
||||
@ -137,11 +121,7 @@ var CommonKeys = []Key{
|
||||
AWSPrincipalType,
|
||||
AWSUserID,
|
||||
AWSUsername,
|
||||
JWTSub,
|
||||
JWTIss,
|
||||
JWTAud,
|
||||
JWTJti,
|
||||
}
|
||||
}, JWTKeys...)
|
||||
|
||||
func substFuncFromValues(values map[string][]string) func(string) string {
|
||||
return func(v string) string {
|
||||
|