Skip to content
Merged
Show file tree
Hide file tree
Changes from 4 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions contrib/endpoints/src/api_manager/auth.h
Original file line number Diff line number Diff line change
Expand Up @@ -40,6 +40,8 @@ struct UserInfo {
// Authorized party of the incoming JWT.
// See http://openid.net/specs/openid-connect-core-1_0.html#IDToken
std::string authorized_party;
// String of claims
std::string claims;

// Returns audiences as a comma separated strings.
std::string AudiencesAsString() const {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -699,12 +699,15 @@ grpc_jwt_verifier_status JwtValidatorImpl::FillUserInfoAndSetExp(

// Optional field.
const grpc_json *grpc_json = grpc_jwt_claims_json(claims_);

char *json_str = grpc_json_dump_to_string(const_cast<::grpc_json *>(grpc_json), 0);
user_info->claims = json_str == nullptr ? "" : json_str;

const char *email = GetStringValue(grpc_json, "email");
user_info->email = email == nullptr ? "" : email;
const char *authorized_party = GetStringValue(grpc_json, "azp");
user_info->authorized_party =
authorized_party == nullptr ? "" : authorized_party;

exp_ = system_clock::from_time_t(grpc_jwt_claims_expires_at(claims_).tv_sec);

return GRPC_JWT_VERIFIER_OK;
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -64,6 +64,7 @@ class ServiceAccountToken {
enum JWT_TOKEN_TYPE {
JWT_TOKEN_FOR_SERVICE_CONTROL = 0,
JWT_TOKEN_FOR_CLOUD_TRACING,
JWT_TOKEN_FOR_FIREBASE,
JWT_TOKEN_TYPE_MAX,
};
// Set audience. Only calcualtes JWT token with specified audience.
Expand Down
2 changes: 2 additions & 0 deletions contrib/endpoints/src/api_manager/check_auth.cc
Original file line number Diff line number Diff line change
Expand Up @@ -243,6 +243,8 @@ void AuthChecker::CheckAudience(bool cache_hit) {
context_->set_auth_audience(audience);
context_->set_auth_authorized_party(user_info_.authorized_party);

context_->set_auth_claims(user_info_.claims);

// Remove http/s header and trailing '/' for issuer.
std::string issuer = utils::GetUrlContent(user_info_.issuer);
if (!context_->method()->isIssuerAllowed(issuer)) {
Expand Down
Loading