fix: handle space-delimited scope string in OIDC role extraction
extractRoles() only handled List claims (JSON arrays). When rolesClaim is configured as "scope", the JWT value is a space-delimited string, which was silently returning [] and falling back to defaultRoles. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -185,6 +185,9 @@ public class OidcTokenExchanger {
|
||||
if (value instanceof List<?> list) {
|
||||
return list.stream().map(Object::toString).toList();
|
||||
}
|
||||
if (value instanceof String s && !s.isBlank()) {
|
||||
return List.of(s.split(" "));
|
||||
}
|
||||
return Collections.emptyList();
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user