identp: fix retrieving the roles claim

2019-08-06 14:19:02 +03:00
parent ee865701c8
commit b9a1c627a5
3 changed files with 17 additions and 1 deletions
--- a/cmd/werther/main.go
+++ b/cmd/werther/main.go
@ -11,6 +11,7 @@ import (
 	"flag"
 	"fmt"
 	"net/http"
+	"net/url"
 	"os"

 	"github.com/i-core/rlog"
@ -58,6 +59,10 @@ func main() {
 		fmt.Fprintf(os.Stderr, "Invalid configuration: %s\n", err)
 		os.Exit(1)
 	}
+	if _, ok := cnf.Identp.ClaimScopes[url.QueryEscape(cnf.LDAP.RoleClaim)]; !ok {
+		fmt.Fprintf(os.Stderr, "Roles claim %q has no mapping to an OpenID Connect scope\n", cnf.LDAP.RoleClaim)
+		os.Exit(1)
+	}

 	logFunc := zap.NewProduction
 	if cnf.DevMode {