Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

JWT bound constraint check in auth/<role>/config does not consider bound_claims #48

Closed
shwuandwing opened this issue May 9, 2019 · 3 comments
Closed

JWT bound constraint check in auth/<role>/config does not consider bound_claims #48

shwuandwing opened this issue May 9, 2019 · 3 comments
Assignees
@kalafut

Comments

@shwuandwing
Copy link
Contributor

shwuandwing commented May 9, 2019
edited
Loading

Hi,

For configuring JWT roles (in path_role.go line 401), there is a check that is at least one bound constraint. However, that check does not consider if bound_claims is non-empty.

i.e. trying to create a role fails if audience / subject / cidr is empty, but bound_claims is non-empty.

vault-plugin-auth-jwt/path_role.go

Line 401 in eb2915c

if roleType != "oidc" {

If you agree this is a valid issue, I could make a diff to fix it.
@kalafut
Copy link
Contributor

kalafut commented May 9, 2019

Hi. I think that is a reasonable improvement.

@kalafut kalafut self-assigned this May 9, 2019
@shwuandwing
Copy link
Contributor Author

#49

@shwuandwing
Copy link
Contributor Author

Fix merged.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@kalafut kalafut

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@shwuandwing @kalafut