From fe48c38bc644a60de68c94e5c0e95fc7b545421f Mon Sep 17 00:00:00 2001
From: Bingchang Chen <19990626.love@163.com>
Date: Thu, 13 Jan 2022 21:48:00 +0800
Subject: [PATCH] feat: support minio (#418)
Signed-off-by: abingcbc
---
 object/oidc_discovery.go | 1 +
 object/token_jwt.go | 4 ++++
 2 files changed, 5 insertions(+)
diff --git a/object/oidc_discovery.go b/object/oidc_discovery.go
index 6e386a9c..2cc9f172 100644
--- a/object/oidc_discovery.go
+++ b/object/oidc_discovery.go
@@ -85,6 +85,7 @@ func GetJsonWebKeySet() (jose.JSONWebKeySet, error) {
 var jwk jose.JSONWebKey
 jwk.Key = x509Cert.PublicKey
 jwk.Certificates = []*x509.Certificate{x509Cert}
+ jwk.KeyID = cert.Name
 var jwks jose.JSONWebKeySet
 jwks.Keys = []jose.JSONWebKey{jwk}
diff --git a/object/token_jwt.go b/object/token_jwt.go
index 949c3246..748e11cc 100644
--- a/object/token_jwt.go
+++ b/object/token_jwt.go
@@ -26,6 +26,7 @@ import (
 type Claims struct {
 *User
 Nonce string `json:"nonce,omitempty"`
+ Tag string `json:"tag,omitempty"`
 jwt.RegisteredClaims
 }
@@ -67,6 +68,8 @@ func generateJwtToken(application *Application, user *User, nonce string) (strin
 claims := Claims{
 User: user,
 Nonce: nonce,
+ // FIXME: A workaround for custom claim by reusing `tag` in user info
+ Tag: user.Tag,
 RegisteredClaims: jwt.RegisteredClaims{
 Issuer: beego.AppConfig.String("origin"),
 Subject: user.Id,
@@ -102,6 +105,7 @@ func generateJwtToken(application *Application, user *User, nonce string) (strin
 return "", "", err
 }
+ token.Header["kid"] = cert.Name
 tokenString, err := token.SignedString(key)
 if err != nil {
 return "", "", err
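Review bot: The `kid` set by `jwk.KeyID = cert.Name` in `GetJsonWebKeySet` is a human-assigned certificate name that is not bound to the key material, and the same value is written to the token header by `token.Header["kid"] = cert.Name` in the last hunk of object/token_jwt.go. If a certificate is ever regenerated under the same name, verifiers that cache the JWKS by `kid` get no signal that the key changed and may keep trusting the previous key until their cache expires. Consider deriving the identifier from the key itself, for example the base64url-encoded RFC 7638 thumbprint from `jwk.Thumbprint(crypto.SHA256)`, with the same derivation on the signing side; at minimum add `// kid must stay identical to token.Header["kid"] in generateJwtToken`. Both functions start and end outside their hunks, so whether `cert` refers to the same certificate in both places cannot be confirmed from here.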
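Review bot: Copying `user.Tag` into the signed `tag` claim in `generateJwtToken` turns a free-form profile field into a value a relying party may use for authorization, and the `FIXME` comment does not say so. Going by the commit title, the consumer is presumably MinIO mapping this claim to a policy; if `Tag` can be changed by the user or by anyone below administrator level (not visible in this hunk), that edit becomes a privilege change in the downstream service. I would replace the comment with something like `// SECURITY: tag is emitted as a signed claim and may drive relying-party policy; it must be writable by admins only`, and confirm that the update path for `User.Tag` enforces this. Because the new `Claims.Tag` field in the preceding hunk is `omitempty`, users with an empty tag get no claim at all, so relying parties should treat a missing claim as no access. `generateJwtToken` begins and ends outside this hunk.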