From 45e25acc80f4f3a099f16763362be45182899ebe Mon Sep 17 00:00:00 2001
From: DacongDA <dacongda1@sina.com>
Date: Fri, 9 Aug 2024 22:48:44 +0800
Subject: [PATCH] feat: fix JWT generate issue cause by shared application
 (#3113)

* fix: fix jwt generate cause by shared application

* fix: fix built-in org will not add -org-
---
 object/token_jwt.go            | 4 ++++
 web/src/ApplicationEditPage.js | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/object/token_jwt.go b/object/token_jwt.go
index 9f0808c1..a230bcd9 100644
--- a/object/token_jwt.go
+++ b/object/token_jwt.go
@@ -365,6 +365,10 @@ func generateJwtToken(application *Application, user *User, nonce string, scope
 		},
 	}
 
+	if application.IsShared {
+		claims.Audience = []string{application.ClientId + "-org-" + user.Owner}
+	}
+
 	var token *jwt.Token
 	var refreshToken *jwt.Token
 
diff --git a/web/src/ApplicationEditPage.js b/web/src/ApplicationEditPage.js
index cfe0ffc7..04984005 100644
--- a/web/src/ApplicationEditPage.js
+++ b/web/src/ApplicationEditPage.js
@@ -1009,7 +1009,7 @@ class ApplicationEditPage extends React.Component {
     }
 
     let clientId = this.state.application.clientId;
-    if (this.state.application.isShared && this.props.account.owner !== "built-in") {
+    if (this.state.application.isShared) {
       clientId += `-org-${this.props.account.owner}`;
     }
     const signInUrl = `/login/oauth/authorize?client_id=${clientId}&response_type=code&redirect_uri=${redirectUri}&scope=read&state=casdoor`;