Add policy claim support for JWT (#6660)

This way temporary credentials can use canned
policies on the server without configuring OPA.
Harshavardhana
2018-10-29 11:08:59 -07:00
committed by kannappanr
parent 1c911c5f40
commit 7e879a45d5
3 changed files with 54 additions and 11 deletions


@@ -162,8 +162,17 @@ func (sts *stsAPIHandlers) AssumeRoleWithClientGrants(w http.ResponseWriter, r *
return
}
// JWT has requested a custom claim with policy value set.
// This is a Minio STS API specific value, this value should
// be set and configured on your identity provider as part of
// JWT custom claims.
var policyName string
if v, ok := m["policy"]; ok {
policyName, _ = v.(string)
}
// Set the newly generated credentials.
if err = globalIAMSys.SetTempUser(cred.AccessKey, cred); err != nil {
if err = globalIAMSys.SetTempUser(cred.AccessKey, cred, policyName); err != nil {
logger.LogIf(ctx, err)
writeSTSErrorResponse(w, ErrSTSInternalError)
return
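Review bot: The assertion `policyName, _ = v.(string)` drops its ok result, so a `policy` claim that is present but not a string is handled exactly like a missing claim and credentials are still issued with an empty policy name. What an empty name means for the temporary user is decided inside SetTempUser, which this hunk does not show, so it is safer to fail closed here: take `s, isStr := v.(string)` and, when `!isStr`, write an STS error response and return before any credentials are stored. The claim value comes from the identity provider's token, so it would also help to confirm, here or in SetTempUser, that it names an existing canned policy, and to record the token subject and the applied policy name in the audit log. The body of AssumeRoleWithClientGrants starts and ends outside this hunk, so where `m` is populated and validated is not visible here.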