lukaszraczylo/traefikoidc
1
0
Fork 0
mirror of https://github.com/lukaszraczylo/traefikoidc.git synced 2026-06-05 22:44:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix for Hashicorp Vault - accept opaque access tokens with dot-characters (#113)

Browse Source
This commit is contained in:
Dominik Chilla
2026-01-02 17:42:22 +01:00
committed by GitHub
parent 22c4323fcb
commit 8bf7998150
1 changed files with 1 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files
session.go
+1 -12
View File
@@ -1820,23 +1820,12 @@ func (sd *SessionData) SetAccessToken(token string) {
defer sd.sessionMutex.Unlock()
if token != "" {
dotCount := strings.Count(token, ".")
// Reject tokens with exactly 1 dot (invalid format - neither JWT nor opaque)
if dotCount == 1 {
if sd.manager != nil && sd.manager.logger != nil {
sd.manager.logger.Debug("Invalid token format during storage (dots: %d) - rejecting", dotCount)
}
return
}
// For opaque tokens (no dots), ensure minimum length for security
if dotCount == 0 && len(token) < 20 {
if len(token) < 20 {
if sd.manager != nil && sd.manager.logger != nil {
sd.manager.logger.Debug("Token too short for opaque token (length: %d) - rejecting", len(token))
}
return
}
// Tokens with 2 dots are JWTs, tokens with 0 dots are opaque
// Both are valid formats
}
currentAccessToken := sd.getAccessTokenUnsafe()