public_git
/
oauth2-proxy
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Update claim extraction logic in ms_entra_id.go 

Changed claim extraction from 'iss' to 'tid' with fallback.
This commit is contained in:
Asif A Siddiqi 2025-10-10 14:39:49 -07:00 committed by Jan Larwig
parent c0a087d7f2
commit 0ce49de2ce
1 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
providers/ms_entra_id.go
View File

@ -271,7 +271,14 @@ func (p *MicrosoftEntraIDProvider) getTenantFromToken(session *sessions.SessionS
return "", fmt.Errorf("unable to get claim extractor: %v", err) return "", fmt.Errorf("unable to get claim extractor: %v", err)
} }
value, exists, err := extractor.GetClaim("iss") value, exists, err := extractor.GetClaim("tid")
if exists && err == nil {
return value, nil
}
// Fall back to iss claim
value, exists, err = extractor.GetClaim("iss")
if !exists || err != nil { if !exists || err != nil {
return "", fmt.Errorf("iss claim does not exist in the token") return "", fmt.Errorf("iss claim does not exist in the token")