Strip namespace prefix from custom claims #4061
Draft
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Thank you for submitting this pull request! We really appreciate you spending the time to work on these changes.
What is the motivation?
To behave similarly with custom JWT claims as with default JWT claims expected by SurrealDB. With default claims, names are aliased to support namespace prefixes. With custom claims, namespace prefixes will be stripped so that the canonical claim names can be directly accessible using the token parameter.
What does this change do?
Strips namespace prefixes from custom claims before adding it to the token object unless the claim already exists to prevent overwriting a public claim with a private one. Keeps the original claims accessible through the
$token
parameter in order to preserve backward compatibility in1.X
. This will not be the case in2.X
.What is your testing strategy?
Add a test to ensure that namespaced custom claims are correctly extracted.
Is this related to any issues?
Does this change need documentation?
No.
Have you read the Contributing Guidelines?