feat: extract JWT subject claim header

author: mo khan <mo@mokhan.ca> 2025-07-10 08:22:16 -0600
committer: mo khan <mo@mokhan.ca> 2025-07-10 08:22:16 -0600
commit: 539cf6a187637783ae11becfa9d7b2d5faba4c24 (patch)
tree: 0482c7f4b006da14ec0142cac660a41b1ac0e8e2 /src/authorization
parent: b5460814d22b1eb2c3c8bdfd2c60ac5560ad0b3c (diff)
1 files changed, 7 insertions, 2 deletions
diff --git a/src/authorization/cedar_authorizer.rs b/src/authorization/cedar_authorizer.rs
index c6b886ec..ceaee51c 100644
--- a/src/authorization/cedar_authorizer.rs
+++ b/src/authorization/cedar_authorizer.rs
@@ -74,11 +74,16 @@ impl CedarAuthorizer {
 
     fn principal_from(
         &self,
-        _http_request: &envoy_types::pb::envoy::service::auth::v3::attribute_context::HttpRequest,
+        http_request: &envoy_types::pb::envoy::service::auth::v3::attribute_context::HttpRequest,
     ) -> Result<cedar_policy::EntityUid, Box<dyn std::error::Error>> {
+        let subject = http_request
+            .headers
+            .get("x-jwt-claim-sub")
+            .map_or("", |v| v);
+
         Ok(cedar_policy::EntityUid::from_type_name_and_id(
             cedar_policy::EntityTypeName::from_str("User")?,
-            cedar_policy::EntityId::from_str("client")?,
+            cedar_policy::EntityId::from_str(subject)?,
         ))
     }
author	mo khan <mo@mokhan.ca>	2025-07-10 08:22:16 -0600
committer	mo khan <mo@mokhan.ca>	2025-07-10 08:22:16 -0600
commit	539cf6a187637783ae11becfa9d7b2d5faba4c24 (patch)
tree	0482c7f4b006da14ec0142cac660a41b1ac0e8e2 /src/authorization
parent	b5460814d22b1eb2c3c8bdfd2c60ac5560ad0b3c (diff)