From 539cf6a187637783ae11becfa9d7b2d5faba4c24 Mon Sep 17 00:00:00 2001
From: mo khan <mo@mokhan.ca>
Date: Thu, 10 Jul 2025 08:22:16 -0600
Subject: feat: extract JWT subject claim header

---
 src/authorization/cedar_authorizer.rs | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

(limited to 'src/authorization/cedar_authorizer.rs')

diff --git a/src/authorization/cedar_authorizer.rs b/src/authorization/cedar_authorizer.rs
index c6b886ec..ceaee51c 100644
--- a/src/authorization/cedar_authorizer.rs
+++ b/src/authorization/cedar_authorizer.rs
@@ -74,11 +74,16 @@ impl CedarAuthorizer {
 
     fn principal_from(
         &self,
-        _http_request: &envoy_types::pb::envoy::service::auth::v3::attribute_context::HttpRequest,
+        http_request: &envoy_types::pb::envoy::service::auth::v3::attribute_context::HttpRequest,
     ) -> Result<cedar_policy::EntityUid, Box<dyn std::error::Error>> {
+        let subject = http_request
+            .headers
+            .get("x-jwt-claim-sub")
+            .map_or("", |v| v);
+
         Ok(cedar_policy::EntityUid::from_type_name_and_id(
             cedar_policy::EntityTypeName::from_str("User")?,
-            cedar_policy::EntityId::from_str("client")?,
+            cedar_policy::EntityId::from_str(subject)?,
         ))
     }
 
-- 
cgit v1.2.3