lmccay commented on code in PR #1257:
URL: https://github.com/apache/knox/pull/1257#discussion_r3396496666


##########
gateway-spi/src/main/java/org/apache/knox/gateway/services/security/token/impl/JWTToken.java:
##########
@@ -100,14 +101,14 @@ public JWTToken(JWTokenAttributes jwtAttributes) {
     if (jwtAttributes.getClientId() != null) {
       builder.claim(CLIENT_ID_CLAIM, jwtAttributes.getClientId());
     }
-    if (jwtAttributes.getActor() != null) {
-      // RFC 8693 Token Exchange: The "act" (actor) claim provides a means 
within a JWT to express
-      // that delegation has occurred and identify the acting party to whom 
authority has been delegated.
-      // The act claim value is a JSON object containing a "sub" claim with 
the identity of the actor.
-      JWTClaimsSet actClaims = new JWTClaimsSet.Builder()
-          .subject(jwtAttributes.getActor())
-          .build();
-      builder.claim(ACT_CLAIM, actClaims.toJSONObject());
+    // RFC 8693 Token Exchange: The "act" (actor) claim provides a means 
within a JWT to express
+    // that delegation has occurred and identify the acting party to whom 
authority has been delegated.
+    // The actor chain is converted to the nested structure required by RFC 
8693.
+    if (jwtAttributes.getActorChain() != null && 
!jwtAttributes.getActorChain().isEmpty()) {
+      Map<String, Object> nestedAct = 
org.apache.knox.gateway.services.security.token.TokenUtils.buildNestedActClaim(jwtAttributes.getActorChain());
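
Review bot: The added `Map<String, Object> nestedAct = ...` line references `org.apache.knox.gateway.services.security.token.TokenUtils` by its fully qualified name; importing the class would keep the line readable, unless the qualification is there to avoid a name clash, in which case a short comment saying so would help. In the same condition and call, `jwtAttributes.getActorChain()` is evaluated three times, so a local variable would make the null/empty check and the `buildNestedActClaim(...)` call read as operating on one value. The removed branch built `act` from `jwtAttributes.getActor()`, and the lines shown no longer read it: please confirm that callers which set only a single actor end up in the actor chain, since otherwise the delegation claim is silently omitted from the token.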

Review Comment:
   Got it.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
