admin/kubesphere
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(auth): support multiple identity provider associations (#6381)

Browse Source 
Signed-off-by: hongming <coder.scala@gmail.com>
Co-authored-by: hongming <coder.scala@gmail.com>
This commit is contained in:
KubeSphere CI Bot
2025-03-03 16:28:39 +08:00
committed by GitHub
parent 33152139d6
commit c90729682f
12 changed files with 177 additions and 221 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
pkg/kapis/oauth/handler.go
View File

@@ -17,7 +17,6 @@ import (
"github.com/golang-jwt/jwt/v4"
"gopkg.in/square/go-jose.v2"
apierrors "k8s.io/apimachinery/pkg/api/errors"
"k8s.io/apimachinery/pkg/labels"
"k8s.io/apiserver/pkg/authentication/user"
"k8s.io/klog/v2"
iamv1beta1 "kubesphere.io/api/iam/v1beta1"
@@ -530,7 +529,7 @@ func (h *handler) refreshTokenGrant(req *restful.Request, response *restful.Resp
idp := authenticated.GetExtra()[iamv1beta1.ExtraIdentityProvider][0]
uid := authenticated.GetExtra()[iamv1beta1.ExtraUID][0]
queryParam := query.New()
queryParam.LabelSelector = labels.SelectorFromSet(labels.Set{iamv1beta1.IdentifyProviderLabel: idp, iamv1beta1.OriginUIDLabel: uid}).String()
queryParam.Filters = map[query.Field]query.Value{query.FieldAnnotation: query.Value(fmt.Sprintf("%s.%s=%s", iamv1beta1.IdentityProviderAnnotation, idp, uid))}
users, err := h.im.ListUsers(queryParam)
if err != nil {
klog.Errorf("failed to list users: %s", err)