ibm-cloud-security / app-identity-and-access-adapter

App Identity and Access Adapter for Istio Mixer
Apache License 2.0

Do Not Append Default OIDC Rule if User Specifies Rules #56

Closed devstein closed 4 years ago

devstein commented 4 years ago

Right now rules are broken for an OIDC policy if the aud claim doesn't have the client_id (the default rule) because the default rule is always appended to the user-defined rules. Okta, and I imagine other OIDC providers, only support a single aud claim, so if it is not set to a specific client_id this rule always fails.

Let me know if this is intentional.

cc @k3a
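The rule behaviour described in the comment above, modelled as an added Go example; it is not the adapter's code and not part of the original thread. The `Rule` type, `Allowed`, `EffectiveRules`, the `client-123` client ID and the claim values are all hypothetical.

```go
package main

import "fmt"

// Rule is a hypothetical claim check: the named claim must contain Value.
type Rule struct{ Claim, Value string }

// Allowed reports whether the claims satisfy every rule; a claim is a string or []string.
func Allowed(claims map[string]interface{}, rules []Rule) bool {
	for _, r := range rules {
		var vals []string
		switch t := claims[r.Claim].(type) {
		case string:
			vals = []string{t}
		case []string:
			vals = t
		}
		ok := false
		for _, v := range vals {
			ok = ok || v == r.Value
		}
		if !ok {
			return false
		}
	}
	return true
}

// EffectiveRules builds a policy's rule set. alwaysAppend=true models the reported
// behaviour; false adds the default aud rule only when the user supplied no rules.
func EffectiveRules(user []Rule, clientID string, alwaysAppend bool) []Rule {
	def := Rule{Claim: "aud", Value: clientID}
	if len(user) == 0 {
		return []Rule{def}
	}
	if alwaysAppend {
		return append(append([]Rule{}, user...), def)
	}
	return user
}

func main() {
	// Constructed token claims: a single audience that is not the client_id.
	claims := map[string]interface{}{"aud": "api://default"}
	user := []Rule{{Claim: "aud", Value: "api://default"}}
	fmt.Println(Allowed(claims, EffectiveRules(user, "client-123", true)))  // false
	fmt.Println(Allowed(claims, EffectiveRules(user, "client-123", false))) // true
	fmt.Println(Allowed(claims, EffectiveRules(nil, "client-123", false)))  // false
}
```

With the default rule no longer appended, the audience is checked only by whatever the user-defined rules require, so a policy that supplies its own rules should include an explicit `aud` rule.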

ishangulhane commented 4 years ago

Looks good. Please create a PR on the development branch

devstein commented 4 years ago

@ishangulhane Updated the PR base

ishangulhane commented 4 years ago

@devstein branch is not in sync with the development

devstein commented 4 years ago

@ishangulhane Updated