mirror of
https://github.com/pomerium/pomerium.git
authorize: use impersonate email/groups in JWT (#1364)
parent
4fb90fabe8
commit
0a2638e5dc
2 changed files with 24 additions and 0 deletions
|
@ -231,6 +231,14 @@ func (e *Evaluator) JWTPayload(req *Request) map[string]interface{} {
|
||||||
payload["groups"] = groups
|
payload["groups"] = groups
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if req.Session.ImpersonateEmail != "" {
|
||||||
|
payload["email"] = req.Session.ImpersonateEmail
|
||||||
|
}
|
||||||
|
if len(req.Session.ImpersonateGroups) > 0 {
|
||||||
|
payload["groups"] = req.Session.ImpersonateGroups
|
||||||
|
}
|
||||||
|
|
||||||
return payload
|
return payload
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
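Review bot: The two overrides added before `return payload` are independent, so a session with ImpersonateEmail set and ImpersonateGroups empty yields a JWT that carries the impersonated email next to whatever `payload["groups"] = groups` set earlier, which looks like the real user's groups. An upstream that authorizes on the groups claim would then treat the impersonated identity as holding the impersonator's group memberships. If email-only impersonation is not meant to keep the real groups, assign the claim inside the email branch as well, e.g. `payload["groups"] = req.Session.ImpersonateGroups` whenever `req.Session.ImpersonateEmail != ""`; if it is intended, a comment above the block should say so. JWTPayload starts outside the hunk, so it is worth confirming whether other identity claims set earlier also need overriding and whether the token records anywhere that impersonation is active, since upstream audit logs otherwise cannot tell the two apart.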
|
@ -247,6 +247,22 @@ func TestEvaluator_JWTPayload(t *testing.T) {
|
||||||
"groups": []string{"group1", "group2", "admin", "test"},
|
"groups": []string{"group1", "group2", "admin", "test"},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
"with impersonate",
|
||||||
|
&Request{
|
||||||
|
HTTP: RequestHTTP{URL: "https://example.com"},
|
||||||
|
Session: RequestSession{
|
||||||
|
ImpersonateEmail: "user@example.com",
|
||||||
|
ImpersonateGroups: []string{"admin", "test"},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
map[string]interface{}{
|
||||||
|
"iss": "authn.example.com",
|
||||||
|
"aud": "example.com",
|
||||||
|
"email": "user@example.com",
|
||||||
|
"groups": []string{"admin", "test"},
|
||||||
|
},
|
||||||
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
for _, tc := range tests {
|
for _, tc := range tests {
|
||||||
|
|
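Review bot: The new "with impersonate" case builds a Request whose Session holds only the impersonation fields, so it shows the claims being filled in but not that they replace a real user's email and groups. Add a case in which the session resolves to a user with its own email and groups, as the preceding cases appear to do, and assert that the impersonated values win. Cases along the lines of `"with impersonate email only"` and `"with impersonate groups only"` would also pin what the email and groups claims contain when just one field is set. The test table and the loop that runs it continue outside the hunk.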