
fix: read sub claim from PDS service auth JWT

2026-03-22 16:46:04 +09:00
parent 770ed8ca8d
commit 3e7d32b5cc


@@ -287,7 +287,7 @@ fn extract_did(headers: &HeaderMap) -> Option<String> {
return Some(token.to_string()); return Some(token.to_string());
} }
// Decode JWT payload to extract iss (issuer = caller DID) // Decode JWT payload: prefer "sub" (service auth from PDS proxy), fallback to "iss"
let parts: Vec<&str> = token.split('.').collect(); let parts: Vec<&str> = token.split('.').collect();
if parts.len() == 3 { if parts.len() == 3 {
if let Ok(decoded) = base64::Engine::decode( if let Ok(decoded) = base64::Engine::decode(
@@ -295,6 +295,10 @@ fn extract_did(headers: &HeaderMap) -> Option<String> {
parts[1], parts[1],
) { ) {
if let Ok(payload) = serde_json::from_slice::<serde_json::Value>(&decoded) { if let Ok(payload) = serde_json::from_slice::<serde_json::Value>(&decoded) {
// PDS service auth: iss=PDS DID, sub=user DID
if let Some(sub) = payload.get("sub").and_then(|v| v.as_str()) {
return Some(sub.to_string());
}
if let Some(iss) = payload.get("iss").and_then(|v| v.as_str()) { if let Some(iss) = payload.get("iss").and_then(|v| v.as_str()) {
return Some(iss.to_string()); return Some(iss.to_string());
} }
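Review bot: The added `sub` branch returns a claim from a JWT payload that, in the lines shown, is only base64-decoded and JSON-parsed; no signature, `aud` or `exp` check is visible, and `iss` is never compared against a set of trusted PDS DIDs before `sub` is believed. With the old code the returned DID was at least the party the token names as its issuer; now it is whatever subject the token names, so the value is safe for authorization only if the signature has been verified against the key of `iss` and that issuer is allowed to speak for the `sub` account. If that verification happens elsewhere (extract_did starts and ends outside these hunks, so it may), say so at the branch, e.g. `// SECURITY: claims are unverified here; caller must verify signature, aud, exp and that iss is a trusted PDS for sub`. Otherwise the `sub` path should be taken only after those checks succeed, returning `None` when they fail.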