Support for regex pattern in DefaultJWTClaimMapper permission parser

Open adamko147 opened this issue 7 months ago • 1 comments

What changed?

Added support for parsing permissions from a JWT claim using a regular expression.

Why?

The Default JWT Claim Mapper expects a permission in the form namespace:role. If it's not possible to configure the JWT issuer to follow namespace:role, permissionsPattern can be set to a regular expression with named groups to parse the permission. More details in issue gh-7560.

How did you test it?

  • Unit tests
  • Local tests
  • Self hosted environment (ongoing)

Potential risks

This change is only activated if new configuration is provided

Documentation

WIP

Is hotfix candidate?

No

adamko147 avatar Apr 04 '25 22:04 adamko147
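A sketch of the named-group permission parsing described in the post above, as an added example that is not code from this PR or from Temporal. The group names `namespace` and `role`, the helper names, the accepted role set and the sample issuer format are all assumptions; the example also forces the pattern to match the whole claim entry, so a permission cannot be granted from a substring of an unexpected value.

```go
package main

import (
	"fmt"
	"regexp"
)

// Roles accepted after parsing; anything else is dropped (assumed set for this example).
var knownRoles = map[string]bool{"read": true, "write": true, "worker": true, "admin": true}

// compilePermissionPattern wraps the operator-supplied pattern in ^(?:...)$ so it must
// match the whole claim entry, and rejects patterns missing either named group.
func compilePermissionPattern(pattern string) (*regexp.Regexp, error) {
	re, err := regexp.Compile(`^(?:` + pattern + `)$`)
	if err != nil {
		return nil, err
	}
	if re.SubexpIndex("namespace") < 0 || re.SubexpIndex("role") < 0 {
		return nil, fmt.Errorf("pattern needs named groups namespace and role")
	}
	return re, nil
}

// parsePermission extracts namespace and role from one claim entry.
// ok is false when the entry does not match or the role is not a known one.
func parsePermission(re *regexp.Regexp, entry string) (ns, role string, ok bool) {
	m := re.FindStringSubmatch(entry)
	if m == nil {
		return "", "", false
	}
	ns, role = m[re.SubexpIndex("namespace")], m[re.SubexpIndex("role")]
	if ns == "" || !knownRoles[role] {
		return "", "", false
	}
	return ns, role, true
}

func main() {
	// Constructed issuer format for illustration: "temporal/<namespace>/<role>".
	re, err := compilePermissionPattern(`temporal/(?P<namespace>[\w-]+)/(?P<role>\w+)`)
	if err != nil {
		panic(err)
	}
	for _, e := range []string{"temporal/billing/read", "x-temporal/billing/admin-ish", "billing:read"} {
		ns, role, ok := parsePermission(re, e)
		fmt.Printf("%-32q ns=%q role=%q ok=%v\n", e, ns, role, ok)
	}
}
```

Without the `^(?:...)$` wrapper, the second sample entry would match on its inner `temporal/billing/admin` substring and yield an admin permission.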

CLA assistant check
All committers have signed the CLA.

CLAassistant avatar Apr 04 '25 22:04 CLAassistant

LGTM. Could you also open a PR to document this in our documentation repo: https://github.com/temporalio/documentation/blob/main/docs/production-deployment/self-hosted-guide/security.mdx#default-jwt-claimmapper?

@bergundy, will do that! Thanks, appreciate the support!

adamko147 avatar Jul 07 '25 16:07 adamko147