Skip to content

Commit

Permalink
WebIdentityClientGrantsProvider: use 'id_token' as fallback to 'acces…
Browse files Browse the repository at this point in the history 
…s_token' (#1457)

Signed-off-by: Bala.FA <bala@minio.io>
  • Loading branch information
@balamurugana
balamurugana authored Nov 13, 2024
1 parent 246da60 commit 3ead668
Showing 1 changed file with 3 additions and 2 deletions.
5 changes: 3 additions & 2 deletions minio/credentials/providers.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -654,9 +654,10 @@ def retrieve(self) -> Credentials:
if self._policy:
query_params["Policy"] = self._policy

access_token = jwt.get("access_token") or jwt.get("id_token", "")
if self._is_web_identity():
query_params["Action"] = "AssumeRoleWithWebIdentity"
query_params["WebIdentityToken"] = jwt.get("id_token", "")
query_params["WebIdentityToken"] = access_token
if self._role_arn:
query_params["RoleArn"] = self._role_arn
query_params["RoleSessionName"] = (
Expand All @@ -666,7 +667,7 @@ def retrieve(self) -> Credentials:
)
else:
query_params["Action"] = "AssumeRoleWithClientGrants"
query_params["Token"] = jwt.get("id_token", "")
query_params["Token"] = access_token

url = self._sts_endpoint + "?" + urlencode(query_params)
res = _urlopen(self._http_client, "POST", url)
Expand Down

0 comments on commit 3ead668

Please sign in to comment.