Archives
/
smallstep-certificates
mirror of https://github.com/smallstep/certificates
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Revert using preferred_username

Browse Source 
It might present a security issue if the users can change this value for themselves. Needs further investigation
pull/561/head
Cristian Le 3 years ago
parent 21732f213b
commit decf0fc8ce
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File

3
authority/provisioner/oidc.go
Unescape Escape View File

@ -389,7 +389,8 @@ func (o *OIDC) AuthorizeSSHSign(ctx context.Context, token string) ([]SignOption
// Get the identity using either the default identityFunc or one injected
// externally. Note that the PreferredUsername might be empty.
iden, err := o.getIdentityFunc(ctx, o, claims.Email, claims.PreferredUsername)
// TBD: Would preferred_username present a safety issue here?
iden, err := o.getIdentityFunc(ctx, o, claims.Email)
if err != nil {
return nil, errs.Wrap(http.StatusInternalServerError, err, "oidc.AuthorizeSSHSign")
}

Write Preview
Loading…
Cancel
Save