author | Kostas <vrinek@users.noreply.github.com> | 2021-11-22 19:01:03 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-11-22 13:01:03 -0500 |
commit | 1035663833a76196c3e3ba425fd6500c5420bbe2 (patch) | |
tree | 8babbe56e354631364b4de4dca22ac9b9ee1a154 /docs | |
parent | Store arbitrary relations from events. (#11391) (diff) | |
Add config for customizing the claim used for JWT logins. (#11361)
Allows specifying a different claim (from the default "sub") to use when calculating the localpart of the Matrix ID used during the JWT login.
Diffstat (limited to 'docs')
-rw-r--r-- | docs/jwt.md | 5 | ||||
-rw-r--r-- | docs/sample_config.yaml | 6 |
2 files changed, 9 insertions, 2 deletions
diff --git a/docs/jwt.md b/docs/jwt.md index 5be9fd26e3..32f58cc0cb 100644 --- a/docs/jwt.md +++ b/docs/jwt.md @@ -22,8 +22,9 @@ will be removed in a future version of Synapse. The `token` field should include the JSON web token with the following claims: -* The `sub` (subject) claim is required and should encode the local part of the - user ID. +* A claim that encodes the local part of the user ID is required. By default, + the `sub` (subject) claim is used, or a custom claim can be set in the + configuration file. * The expiration time (`exp`), not before time (`nbf`), and issued at (`iat`) claims are optional, but validated if present. * The issuer (`iss`) claim is optional, but required and validated if configured. diff --git a/docs/sample_config.yaml b/docs/sample_config.yaml index aee300013f..ae476d19ac 100644 --- a/docs/sample_config.yaml +++ b/docs/sample_config.yaml @@ -2039,6 +2039,12 @@ sso: # #algorithm: "provided-by-your-issuer" + # Name of the claim containing a unique identifier for the user. + # + # Optional, defaults to `sub`. + # + #subject_claim: "sub" + # The issuer to validate the "iss" claim against. # # Optional, if provided the "iss" claim will be required and |
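Review bot: In the docs/jwt.md hunk, the new bullet says "a custom claim can be set in the configuration file" without naming the option, so a reader of jwt.md has to search sample_config.yaml to find it. Name the setting that the second hunk adds, for example "or a custom claim can be set with the `subject_claim` option". Because the claim's value becomes the local part of the user ID, it would also help to state here that the chosen claim must be unique per user and stable over time, since two tokens carrying the same value would log in as the same account.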
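Review bot: In the docs/sample_config.yaml hunk, the comment "Name of the claim containing a unique identifier for the user." does not say that the value is used as the localpart of the Matrix ID, which is the behaviour the commit message describes and the detail an administrator needs when choosing a claim. Suggest wording along the lines of "Name of the claim whose value is used as the localpart of the user's Matrix ID", and document what happens when a token does not contain the configured claim, the same way the following `iss` comment spells out that the claim becomes required when configured.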