diff --git a/auth_jwt/__manifest__.py b/auth_jwt/__manifest__.py
index 1acd7340a6..c782869de8 100644
--- a/auth_jwt/__manifest__.py
+++ b/auth_jwt/__manifest__.py
@@ -5,7 +5,7 @@
"name": "Auth JWT",
"summary": """
JWT bearer token authentication.""",
- "version": "18.0.1.1.0",
+ "version": "18.0.1.1.1",
"license": "LGPL-3",
"author": "ACSONE SA/NV,Odoo Community Association (OCA)",
"maintainers": ["sbidoul"],
diff --git a/auth_jwt/models/auth_jwt_validator.py b/auth_jwt/models/auth_jwt_validator.py
index 2618b72cd0..84b2247fef 100644
--- a/auth_jwt/models/auth_jwt_validator.py
+++ b/auth_jwt/models/auth_jwt_validator.py
@@ -64,16 +64,15 @@ class AuthJwtValidator(models.Model):
],
default="RS256",
)
- audience = fields.Char(
- required=False, help="Comma separated list of audiences, to validate aud."
- )
- scopes = fields.Char(
- required=False, help="Comma separated list of scopes, to validate scope."
+ audience_type = fields.Selection(
+ [("audience", "Audience"), ("group", "Group"), ("scope", "Scope")],
+ required=True,
+ default="audience",
)
- groups = fields.Char(
- required=False,
- help="Comma separated list of groups, to validate group membership.",
+ audience = fields.Char(
+ required=False, help="Comma separated list of attribute needed."
)
+
issuer = fields.Char(required=True, help="To validate iss.")
user_id_strategy = fields.Selection(
[("static", "Static")], required=True, default="static"
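Review bot: Removing the `scopes` and `groups` fields comes with no migration script in this diff, so a validator that restricted tokens through either field appears to lose that setting on upgrade and fall back to the default `audience_type="audience"`. A migration tied to the 18.0.1.1.1 bump that copies the old value into `audience` and sets `audience_type` to match would keep existing deployments checking the same claim. The new help text is also too vague for a security setting; I would write `help="Comma separated list of accepted values for the claim chosen in Audience Type."` and add a `help=` on `audience_type` naming the claims each option checks (`aud`/`client_id`, `group`, `scope`).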
@@ -213,23 +212,24 @@ def _decode(self, token, secret=None):
),
issuer=self.issuer,
)
- if len(self.audience) > 0:
- if (payload.get("client_id") in (self.audience).split(",")) or (
- payload.get("aud") in self.audience.split(",")
- ):
- return payload
- else:
- raise UnauthorizedInvalidToken()
- if len(self.scopes) > 0:
- if payload.get("scope") in (self.scopes).split(","):
- return payload
- else:
- raise UnauthorizedInvalidToken()
- if len(self.groups) > 0:
- if payload.get("group") in (self.groups).split(","):
- return payload
- else:
- raise UnauthorizedInvalidToken()
+ if len((self.audience).split(",") or []) > 0:
+ if self.audience_type == "audience":
+ if (payload.get("client_id") in (self.audience).split(",")) or (
+ payload.get("aud") in self.audience.split(",")
+ ):
+ return payload
+ else:
+ raise UnauthorizedInvalidToken()
+ if self.audience_type == "scope":
+ if payload.get("scope") in (self.audience).split(","):
+ return payload
+ else:
+ raise UnauthorizedInvalidToken()
+ if self.audience_type == "group":
+ if payload.get("group") in (self.audience).split(","):
+ return payload
+ else:
+ raise UnauthorizedInvalidToken()
except Exception as e:
_logger.info("Invalid token: %s", e)
raise UnauthorizedInvalidToken() from e
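Review bot: The new guard `len((self.audience).split(",") or []) > 0` can never be false, because `str.split(",")` always returns at least one element. When the optional `audience` field is unset (Odoo gives `False` for an empty Char), `.split` raises, and the `except Exception` at the end of the hunk turns that into `UnauthorizedInvalidToken`. A validator with no audience therefore rejects every token as a side effect of an AttributeError, although the field is declared `required=False`. If an empty value is meant to skip the check, normalise once with `allowed = [a.strip() for a in (self.audience or "").split(",") if a.strip()]`, test `if allowed:` and use `allowed` in the three membership tests; otherwise make the field required so the rejection is deliberate. Each `payload.get(...) in ...` test also matches only a scalar claim, so an `aud` or `group` sent as a list, or a space-delimited `scope`, would never match and deserves explicit handling or a comment; `_decode` starts before this hunk and continues after it.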
diff --git a/auth_jwt/views/auth_jwt_validator_views.xml b/auth_jwt/views/auth_jwt_validator_views.xml
index 1bba933218..fcdcac1846 100644
--- a/auth_jwt/views/auth_jwt_validator_views.xml
+++ b/auth_jwt/views/auth_jwt_validator_views.xml
@@ -12,10 +12,8 @@
+
-
-
-