(idToken *oidc.IDToken)
| 269 | } |
| 270 | |
// parseClaims decodes the claims carried by idToken into an IDTokenClaims
// value.
//
// It returns an error when the claims cannot be decoded, or when the token
// carries neither a username nor any groups. A token that has groups but an
// empty username is accepted. This function performs no signature, issuer or
// audience checks of its own; it only reads claims from the token it is given.
//
// NOTE(review): because an empty Username is accepted when groups are present,
// callers can receive "" as the user. Confirm that the downstream allow-list
// checks never treat an empty string as a match.
func parseClaims(idToken *oidc.IDToken) (*IDTokenClaims, error) {
	parsed := new(IDTokenClaims)
	err := idToken.Claims(parsed)
	if err != nil {
		return nil, fmt.Errorf("failed to parse claims: %w", err)
	}

	// A username is only required when the token carries no groups.
	hasIdentity := parsed.Username != "" || len(parsed.Groups) > 0
	if !hasIdentity {
		return nil, errors.New("missing username in ID token")
	}
	return parsed, nil
}
| 282 | |
| 283 | func (auth *OIDCProvider) checkAllowed(user string, groups []string) bool { |
| 284 | userAllowed := slices.Contains(auth.allowedUsers, user) |