authorize: add sid to JWT claims (#2420)

* authorize: add sid to JWT claims * fix import ordering
2025-05-31 09:57:17 +02:00 · 2021-08-02 16:11:05 -06:00 · 2021-08-02 16:11:05 -06:00 · a64e5b5fa1
commit a64e5b5fa1
parent 97af64df60
2 changed files with 13 additions and 2 deletions
--- a/authorize/evaluator/opa/policy/headers.rego
+++ b/authorize/evaluator/opa/policy/headers.rego
@ -139,6 +139,9 @@ jwt_payload_groups = v {
 	true
 }

+# the session id is always set to the input session id, even if impersonating
+jwt_payload_sid := input.session.id
+
 base_jwt_claims := [
 	["iss", jwt_payload_iss],
 	["aud", jwt_payload_aud],
@ -149,6 +152,7 @@ base_jwt_claims := [
 	["user", jwt_payload_user],
 	["email", jwt_payload_email],
 	["groups", jwt_payload_groups],
+	["sid", jwt_payload_sid]
 ]

 additional_jwt_claims := [[k, v] |