diff options
| author | Stu Tomlinson <stu@nosnilmot.com> | 2019-10-25 16:56:18 +0100 |
|---|---|---|
| committer | Stu Tomlinson <stu@nosnilmot.com> | 2019-10-25 16:56:18 +0100 |
| commit | b2651dae0f4b3f8f025787b80fe1cc8368dac61c (patch) | |
| tree | b10cf6e76e4fcde725f3b6c3a56b354b76b4261e /src | |
| parent | Avoid calling to logger module on OTP<22 (diff) | |
Add option for JWT field name containing JID
Diffstat (limited to 'src')
| -rw-r--r-- | src/ejabberd_auth_jwt.erl | 6 | ||||
| -rw-r--r-- | src/ejabberd_option.erl | 8 | ||||
| -rw-r--r-- | src/ejabberd_options.erl | 3 |
3 files changed, 13 insertions, 4 deletions
diff --git a/src/ejabberd_auth_jwt.erl b/src/ejabberd_auth_jwt.erl index 71fbabb45..8fce8e39c 100644 --- a/src/ejabberd_auth_jwt.erl +++ b/src/ejabberd_auth_jwt.erl @@ -86,6 +86,7 @@ use_cache(_) -> %%%---------------------------------------------------------------------- check_jwt_token(User, Server, Token) -> JWK = ejabberd_option:jwt_key(Server), + JidField = ejabberd_option:jwt_jid_field(Server), try jose_jwt:verify(JWK, Token) of {true, {jose_jwt, Fields}, Signature} -> ?DEBUG("jwt verify: ~p - ~p~n", [Fields, Signature]), @@ -97,7 +98,7 @@ check_jwt_token(User, Server, Token) -> Now = erlang:system_time(second), if Exp > Now -> - case maps:find(<<"jid">>, Fields) of + case maps:find(JidField, Fields) of error -> false; {ok, SJID} -> @@ -121,6 +122,3 @@ check_jwt_token(User, Server, Token) -> false end. -%% TODO: auth0 username is defined in 'jid' field, but we should -%% allow customizing the name of the field containing the username -%% to adapt to custom claims. diff --git a/src/ejabberd_option.erl b/src/ejabberd_option.erl index fde41e78d..773775743 100644 --- a/src/ejabberd_option.erl +++ b/src/ejabberd_option.erl @@ -51,6 +51,7 @@ -export([hosts/0]). -export([include_config_file/0, include_config_file/1]). -export([jwt_auth_only_rule/0, jwt_auth_only_rule/1]). +-export([jwt_jid_field/0, jwt_jid_field/1]). -export([jwt_key/0, jwt_key/1]). -export([language/0, language/1]). -export([ldap_backups/0, ldap_backups/1]). @@ -431,6 +432,13 @@ jwt_auth_only_rule() -> jwt_auth_only_rule(Host) -> ejabberd_config:get_option({jwt_auth_only_rule, Host}). +-spec jwt_jid_field() -> binary(). +jwt_jid_field() -> + jwt_jid_field(global). +-spec jwt_jid_field(global | binary()) -> binary(). +jwt_jid_field(Host) -> + ejabberd_config:get_option({jwt_jid_field, Host}). + -spec jwt_key() -> jose_jwk:key() | 'undefined'. jwt_key() -> jwt_key(global). diff --git a/src/ejabberd_options.erl b/src/ejabberd_options.erl index eacde998d..518091d98 100644 --- a/src/ejabberd_options.erl +++ b/src/ejabberd_options.erl @@ -415,6 +415,8 @@ opt_type(jwt_key) -> econf:fail({read_file, Reason, Path}) end end); +opt_type(jwt_jid_field) -> + econf:binary(); opt_type(jwt_auth_only_rule) -> econf:atom(). @@ -643,6 +645,7 @@ options() -> {websocket_ping_interval, timer:seconds(60)}, {websocket_timeout, timer:minutes(5)}, {jwt_key, undefined}, + {jwt_jid_field, <<"jid">>}, {jwt_auth_only_rule, none}]. -spec globals() -> [atom()]. |