BTBurke / caddy-jwt

JWT middleware for the Caddy server
MIT License

allow access for groups #61

Closed greenpau closed 4 years ago

greenpau commented 4 years ago

JWT token has the following claims:

{
  "name": "Greenberg, Paul",
  "groups": [
    "AzureAD_Administrator",
    "AzureAD_Editor"
  ]
}

What is the way to allow access to a page for anyone in AzureAD_Administrator group?

BTBurke commented 4 years ago

Try

allow groups.0 AzureAD_Administrator

greenpau commented 4 years ago

> Try allow groups.0 AzureAD_Administrator

@BTBurke, thank you, but it did not work 👍 I will continue troubleshooting.

What if AzureAD_Administrator is 2nd element? What is your vision to accomplish the matching according to group membership?

greenpau commented 4 years ago

allow groups.0 AzureAD_Administrator

@BTBurke, the above does not work because of the evaluation below, i.e. vClaims only contains groups.

// If token contains rules with allow or deny, evaluate
if len(p.AccessRules) > 0 {
    var isAuthorized []bool
    for _, rule := range p.AccessRules {
        v := vClaims[rule.Claim]

There is actually logic to check whether something is a slice (array) and match on it. In theory, the allow groups AzureAD_Administrator should be working.

To be continued...
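The point in the comment above is that the rule lookup is `vClaims[rule.Claim]`, a flat map lookup by the literal claim name, so `groups.0` is simply a key that does not exist, while a rule on `groups` is compared against every element of the array. The following Go program is an added example illustrating that evaluation model; it is not caddy-jwt's own code. The names `ParseRule`, `ParseClaims`, `ClaimMatches` and `Authorize` are hypothetical, the claims payload is constructed from the JSON quoted in the issue, and the "a matching deny always wins" policy is an assumption made for the example rather than a statement about the plugin's real semantics.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Constructed JWT payload using the claims quoted in the issue (not a real token).
const samplePayload = `{
  "name": "Greenberg, Paul",
  "groups": [
    "AzureAD_Administrator",
    "AzureAD_Editor"
  ]
}`

// AccessRule models one "allow <claim> <value>" or "deny <claim> <value>" directive.
type AccessRule struct {
	Allow bool
	Claim string
	Value string
}

// ParseRule turns a directive line such as "allow groups AzureAD_Administrator"
// into an AccessRule. Hypothetical helper; the plugin's own parser is not shown here.
func ParseRule(line string) (AccessRule, error) {
	f := strings.Fields(line)
	if len(f) != 3 || (f[0] != "allow" && f[0] != "deny") {
		return AccessRule{}, fmt.Errorf("bad rule %q: want 'allow|deny <claim> <value>'", line)
	}
	return AccessRule{Allow: f[0] == "allow", Claim: f[1], Value: f[2]}, nil
}

// ParseClaims decodes a JWT payload into the generic map encoding/json produces:
// strings, float64 numbers, bools, []interface{} arrays and nested maps.
func ParseClaims(payload string) (map[string]interface{}, error) {
	var c map[string]interface{}
	if err := json.Unmarshal([]byte(payload), &c); err != nil {
		return nil, err
	}
	return c, nil
}

// ClaimMatches reports whether claim value v equals want. When the claim is an
// array (as "groups" is), any element equal to want counts as a match, which is
// why "allow groups AzureAD_Administrator" works regardless of element position.
func ClaimMatches(v interface{}, want string) bool {
	switch c := v.(type) {
	case nil:
		return false // absent claim (e.g. the non-existent key "groups.0")
	case string:
		return c == want
	case []interface{}:
		for _, e := range c {
			if ClaimMatches(e, want) {
				return true
			}
		}
		return false
	default:
		// numbers and bools are compared by their textual form
		return fmt.Sprint(c) == want
	}
}

// Authorize evaluates the rules against the claims. Assumed policy for this
// example: no rules means allowed, a matching deny always wins, otherwise at
// least one allow rule must match. Lookup is by the literal claim name, so a
// rule on "groups.0" never resolves into the array.
func Authorize(claims map[string]interface{}, rules []AccessRule) bool {
	if len(rules) == 0 {
		return true
	}
	allowed := false
	for _, r := range rules {
		if !ClaimMatches(claims[r.Claim], r.Value) {
			continue
		}
		if !r.Allow {
			return false
		}
		allowed = true
	}
	return allowed
}

func main() {
	claims, err := ParseClaims(samplePayload)
	if err != nil {
		panic(err)
	}
	for _, line := range []string{
		"allow groups.0 AzureAD_Administrator", // flat lookup: key absent, no match
		"allow groups AzureAD_Administrator",   // array claim: matches element 0
		"allow groups AzureAD_Editor",          // array claim: matches element 1
		"deny groups AzureAD_Editor",           // matching deny: not authorized
	} {
		r, err := ParseRule(line)
		if err != nil {
			panic(err)
		}
		fmt.Printf("%-40s -> authorized=%v\n", line, Authorize(claims, []AccessRule{r}))
	}
}
```

Running it prints one line per directive; only the two `allow groups ...` rules authorize the sample claims. When a rule seems to be ignored, checking the literal claim key against the decoded payload (as `ClaimMatches` does with `nil`) is the first thing to verify before suspecting the matcher, and, as the thread shows, a stale browser cache is the second.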

greenpau commented 4 years ago

The allow groups AzureAD_Administrator works. It was not working because of browser cache.

BTBurke commented 4 years ago

Great. I thought it should have worked. Cheers.