wn/traefik-forward-auth
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

we get closer

Browse Source
This commit is contained in:
Wolfgang Hottgenroth
2023-11-06 19:59:31 +01:00
parent 5828a9a5a2
commit ab2d527dbd
2 changed files with 13 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
internal/provider/oidc.go
View File

@ -90,6 +90,7 @@ func (o *OIDC) ExchangeCode(redirectURI, code string) (string, error) {
// GetUser uses the given token and returns a complete provider.User object
func (o *OIDC) GetUser(token string) (User, error) {
var user User
var roles Roles
// Parse & Verify ID Token
idToken, err := o.verifier.Verify(o.ctx, token)
@ -104,8 +105,14 @@ func (o *OIDC) GetUser(token string) (User, error) {
if err := idToken.Claims(&user); err != nil {
return user, err
}
o.log.WithField("user", user).Debug("getUser")
return user, nil
if err := idToken.Claims(&roles); err != nil {
return user, err
}
o.log.WithField("roles", roles).Debug("getUser")
return user, errors.New("access denied")
// return user, nil
}