Add admin claim to JWT for UI

author: Mike Crute <mike@crute.us> 2021-11-21 20:55:25 -0800
committer: Mike Crute <mike@crute.us> 2021-11-21 20:55:25 -0800
commit: 98b08625108e4f97b88074f392535eed6726bd36 (patch)
tree: f74dab01ece98c4b77a8ab2b082a2e571443d36e
parent: a62803f932771516ca05a17167b63d1310ce3611 (diff)
download: cloud-identity-broker-98b08625108e4f97b88074f392535eed6726bd36.tar.bz2
cloud-identity-broker-98b08625108e4f97b88074f392535eed6726bd36.tar.xz
cloud-identity-broker-98b08625108e4f97b88074f392535eed6726bd36.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/auth/jwt.go b/auth/jwt.go
index c65cf39..8d5ddc3 100644
--- a/auth/jwt.go
+++ b/auth/jwt.go
@@ -117,6 +117,8 @@ func (m *JWTManager) CreateForUser(u *models.User) (string, *models.SessionKey,
                Audience: jwt.Audience{m.Audience},
                Expiry:   jwt.NewNumericDate(now.Add(m.TokenExpires)),
                IssuedAt: jwt.NewNumericDate(now),
+        }).Claims(map[string]interface{}{
+                "admin": u.IsAdmin, // Advisory, for UI, the server must never trust this
        }).CompactSerialize()
        return j, pk, err
author	Mike Crute <mike@crute.us>	2021-11-21 20:55:25 -0800
committer	Mike Crute <mike@crute.us>	2021-11-21 20:55:25 -0800
commit	98b08625108e4f97b88074f392535eed6726bd36 (patch)
tree	f74dab01ece98c4b77a8ab2b082a2e571443d36e
parent	a62803f932771516ca05a17167b63d1310ce3611 (diff)
download	cloud-identity-broker-98b08625108e4f97b88074f392535eed6726bd36.tar.bz2 cloud-identity-broker-98b08625108e4f97b88074f392535eed6726bd36.tar.xz cloud-identity-broker-98b08625108e4f97b88074f392535eed6726bd36.zip

diff --git a/auth/jwt.go b/auth/jwt.go index c65cf39..8d5ddc3 100644 --- a/auth/jwt.go +++ b/auth/jwt.go
@@ -117,6 +117,8 @@ func (m JWTManager) CreateForUser(u models.User) (string, *models.SessionKey,
117	Audience: jwt.Audience{m.Audience},	117	Audience: jwt.Audience{m.Audience},
118	Expiry: jwt.NewNumericDate(now.Add(m.TokenExpires)),	118	Expiry: jwt.NewNumericDate(now.Add(m.TokenExpires)),
119	IssuedAt: jwt.NewNumericDate(now),	119	IssuedAt: jwt.NewNumericDate(now),
		120	}).Claims(map[string]interface{}{
		121	"admin": u.IsAdmin, // Advisory, for UI, the server must never trust this
120	}).CompactSerialize()	122	}).CompactSerialize()
121		123
122	return j, pk, err	124	return j, pk, err