Add config for customizing the claim used for JWT logins. (#11361)

Allows specifying a different claim (from the default "sub") to use when calculating the localpart of the Matrix ID used during the JWT login.
author: Kostas <vrinek@users.noreply.github.com> 2021-11-22 19:01:03 +0100
committer: GitHub <noreply@github.com> 2021-11-22 13:01:03 -0500
commit: 1035663833a76196c3e3ba425fd6500c5420bbe2 (patch)
tree: 8babbe56e354631364b4de4dca22ac9b9ee1a154 /synapse/rest/client
parent: Store arbitrary relations from events. (#11391) (diff)
download: synapse-1035663833a76196c3e3ba425fd6500c5420bbe2.tar.xz
1 files changed, 2 insertions, 1 deletions
diff --git a/synapse/rest/client/login.py b/synapse/rest/client/login.py
index 467444a041..00e65c66ac 100644
--- a/synapse/rest/client/login.py
+++ b/synapse/rest/client/login.py
@@ -72,6 +72,7 @@ class LoginRestServlet(RestServlet):
         # JWT configuration variables.
         self.jwt_enabled = hs.config.jwt.jwt_enabled
         self.jwt_secret = hs.config.jwt.jwt_secret
+        self.jwt_subject_claim = hs.config.jwt.jwt_subject_claim
         self.jwt_algorithm = hs.config.jwt.jwt_algorithm
         self.jwt_issuer = hs.config.jwt.jwt_issuer
         self.jwt_audiences = hs.config.jwt.jwt_audiences
@@ -413,7 +414,7 @@ class LoginRestServlet(RestServlet):
                 errcode=Codes.FORBIDDEN,
             )
 
-        user = payload.get("sub", None)
+        user = payload.get(self.jwt_subject_claim, None)
         if user is None:
             raise LoginError(403, "Invalid JWT", errcode=Codes.FORBIDDEN)
author	Kostas <vrinek@users.noreply.github.com>	2021-11-22 19:01:03 +0100
committer	GitHub <noreply@github.com>	2021-11-22 13:01:03 -0500
commit	1035663833a76196c3e3ba425fd6500c5420bbe2 (patch)
tree	8babbe56e354631364b4de4dca22ac9b9ee1a154 /synapse/rest/client
parent	Store arbitrary relations from events. (#11391) (diff)
download	synapse-1035663833a76196c3e3ba425fd6500c5420bbe2.tar.xz