refactor(proxy): Use jmespath to extract claim values by rhafer · Pull Request #2558 · opencloud-eu/opencloud
Replace the custom dot-path walking implementation (SplitWithEscaping +
WalkSegments) in the proxy service's JWT middleware with
github.com/jmespath-community/go-jmespath. extractRoles in oidcroles.go
and readUserIDClaim in account_resolver.go now uses jmespath.Search()
NOTE: This change is backwards-incompatible for some corner cases. While
simple dot-separated paths like 'realm_access.roles' are unchanged,
claim paths containing literal dots (i.e. where the dot does not
indicate a hierarchy) must now be quoted ('"sub.roles"' instead of
'sub\.roles').
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode characters