fix: send valid claims in AuditLogs for browser requests (#9713)

Additionally also fix STS logs to filter out LDAP password to be sent out in audit logs. Bonus fix handle the reload of users properly by making sure to preserve the newer users during the reload to be not invalidated. Fixes #9707 Fixes #9644 Fixes #9651
2025-11-07 21:02:58 -05:00 · 2020-05-27 12:38:44 -07:00
parent e5ecd20d44
commit 7cedc5369d
5 changed files with 106 additions and 29 deletions
--- a/cmd/jwt/parser.go
+++ b/cmd/jwt/parser.go
@@ -130,6 +130,9 @@ func NewMapClaims() *MapClaims {

 // Lookup returns the value and if the key is found.
 func (c *MapClaims) Lookup(key string) (value string, ok bool) {
+	if c == nil {
+		return "", false
+	}
 	var vinterface interface{}
 	vinterface, ok = c.MapClaims[key]
 	if ok {
@@ -167,6 +170,9 @@ func (c *MapClaims) Valid() error {

 // Map returns underlying low-level map claims.
 func (c *MapClaims) Map() map[string]interface{} {
+	if c == nil {
+		return nil
+	}
 	return c.MapClaims
 }