Add custom policy claim name (#8764)

In certain organizations policy claim names can be not just 'policy' but also things like 'roles', the value of this field might also be *string* or *[]string* support this as well In this PR we are still not supporting multiple policies per STS account which will require a more comprehensive change.
2025-11-09 05:34:56 -05:00 · 2020-01-08 17:21:58 -08:00
parent fd56aa42a6
commit abc1c1070a
8 changed files with 90 additions and 43 deletions
--- a/cmd/auth-handler.go
+++ b/cmd/auth-handler.go
@@ -226,7 +226,7 @@ func getClaimsFromToken(r *http.Request) (map[string]interface{}, error) {
 		// If OPA is not set, session token should
 		// have a policy and its mandatory, reject
 		// requests without policy claim.
-		p, pok := claims[iamPolicyName()]
+		p, pok := claims[iamPolicyClaimName()]
 		if !pok {
 			return nil, errAuthentication
 		}