Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AuthenticateWithClaims doesn't respect UnmarshalJSON implementers #174

Open
jhwz opened this issue Apr 8, 2024 · 2 comments
Open

AuthenticateWithClaims doesn't respect UnmarshalJSON implementers #174

jhwz opened this issue Apr 8, 2024 · 2 comments

Comments

@jhwz
Copy link

jhwz commented Apr 8, 2024

In sessions.AuthenticateWithClaims you use mapstructure to decode the custom claims into the object.

The call you are using doesn't respect a type implementing the json.Unmarshaler interface. Ideally you would use the standard json library for this, but I understand that it's difficult to implement (may need to unmarshal twice or something). The alternative is to add a DecodeHook to your mapstructure config which handles types which implement json.Unmarshaler
@logan-stytch
Copy link
Contributor

Hey! This is a great suggestion. I'm wondering if something simple like this would hypothetically work:

if unmarshaler, ok := claims.(json.Unmarshaler); ok {
    // use unmarshaler to decode the custom claims
} else {
    // existing unmarshal logic using mapstructure
}

@jhwz
Copy link
Author

jhwz commented Apr 8, 2024

You don't have the JSON bytes available, just map[string]any.. If you can get the JSON bytes then you should just be using the json package!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jhwz @logan-stytch