Closed ericrpowers closed 2 years ago
When leveraging a3s as an auth source, I noticed that claims coming from the backend looked like this:
```json
"claims": [
  "@auth:account=account-837b0b8d-6a14-4cb8-a11d-97a03fafe6c6",
  "@auth:email=user@account-837b0b8d-6a14-4cb8-a11d-97a03fafe6c6.com",
  "@auth:id=6357a6d0a76fe8b13709d736",
  "@auth:organization=account-837b0b8d-6a14-4cb8-a11d-97a03fafe6c6",
  "@auth:realm=vince",
  "@auth:subject=account-837b0b8d-6a14-4cb8-a11d-97a03fafe6c6"
]
```
This caused an issue with the retrievemany filter for authorizations, as there was no issuer provided. To get it to work, the logic is now to populate the issuer if one is found, else skip adding it.
trustedissuer is necessary for federation. Accepting * or empty (in your case) could be potentially dangerous.
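
Added example, not part of this PR or the a3s code base: a minimal Go sketch of the trade-off discussed above, comparing an authorization lookup that always filters on issuer with one that skips the filter when the issuer is empty. The `Authorization` type, the function names, the authorization names and the `idp-*.example` issuers are hypothetical and constructed for illustration; only the `@auth:realm=vince` claim comes from the thread.

```go
package main

import "fmt"

// Authorization is a hypothetical, simplified policy record (not the a3s type).
type Authorization struct{ Name, TrustedIssuer, Claim string }

// sampleAuths returns constructed data: two authorizations keyed on the same
// claim but trusting different issuers.
func sampleAuths() []Authorization {
	return []Authorization{
		{"tenant-a-admin", "https://idp-a.example", "@auth:realm=vince"},
		{"tenant-b-admin", "https://idp-b.example", "@auth:realm=vince"},
	}
}

// match returns the names of authorizations that pass issuerOK and whose
// claim appears in the presented claims.
func match(auths []Authorization, claims []string, issuerOK func(Authorization) bool) []string {
	var names []string
	for _, a := range auths {
		if !issuerOK(a) {
			continue
		}
		for _, c := range claims {
			if c == a.Claim {
				names = append(names, a.Name)
				break
			}
		}
	}
	return names
}

// matchStrict always filters on issuer; an empty issuer matches nothing.
func matchStrict(auths []Authorization, issuer string, claims []string) []string {
	if issuer == "" {
		return nil
	}
	return match(auths, claims, func(a Authorization) bool { return a.TrustedIssuer == issuer })
}

// matchLenient skips the issuer filter when no issuer is present.
func matchLenient(auths []Authorization, issuer string, claims []string) []string {
	return match(auths, claims, func(a Authorization) bool { return issuer == "" || a.TrustedIssuer == issuer })
}

func main() {
	claims := []string{"@auth:realm=vince"}
	fmt.Println("strict, no issuer: ", matchStrict(sampleAuths(), "", claims))
	fmt.Println("lenient, no issuer:", matchLenient(sampleAuths(), "", claims))
}
```

With the issuer filter skipped, a claim set carrying no issuer matches the authorizations of both issuers, so claim strings alone decide access.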