nlippis commented on code in PR #13242:
URL: https://github.com/apache/druid/pull/13242#discussion_r1003881341
##########
extensions-core/druid-pac4j/src/main/java/org/apache/druid/security/pac4j/OIDCConfig.java:
##########
@@ -26,6 +26,7 @@
public class OIDCConfig
{
+ private final String DEFAULT_SCOPE = "name";
Review Comment:
The default claim to use for the identity is `sub` since `name` is not a
standard OIDC claim
##########
extensions-core/druid-pac4j/src/main/java/org/apache/druid/security/pac4j/OIDCConfig.java:
##########
@@ -35,16 +36,21 @@
@JsonProperty
private final String discoveryURI;
+ @JsonProperty
+ private final String oidcClaim;
+
@JsonCreator
public OIDCConfig(
@JsonProperty("clientID") String clientID,
@JsonProperty("clientSecret") PasswordProvider clientSecret,
- @JsonProperty("discoveryURI") String discoveryURI
+ @JsonProperty("discoveryURI") String discoveryURI,
+ @JsonProperty("oidcClaim") String oidcClaim
Review Comment:
Since this parameter is used to specify an arbitrary claim value as the
Druid AuthenticationResult's identity, perhaps we can give it a name such as
`identityClaim`
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
