Added check to ensure 'sub' is present in claim before parsing and us…

…e token subjact if sub is not present in claims
zalando · Oct 26, 2024 · 03721d1 · 03721d1
1 parent 262c326
commit 03721d1
Showing 1 changed file with 7 additions and 2 deletions.
diff --git a/filters/auth/oidc_introspection.go b/filters/auth/oidc_introspection.go
@@ -131,8 +131,13 @@ func (filter *oidcIntrospectionFilter) Request(ctx filters.FilterContext) {
 		return
 	}
 
-	sub := token.Claims["sub"].(string)
-	authorized(ctx, sub)
+	sub, ok := token.Claims["sub"]
+	if ok {
+		authorized(ctx, sub.(string))
+	} else {
+		sub := token.Subject
+		authorized(ctx, sub)
+	}
 }
 
 func (filter *oidcIntrospectionFilter) Response(filters.FilterContext) {}