fix: json schema validation

supabase · Jan 20, 2025 · 3a94975 · 3a94975
1 parent 1126963
commit 3a94975
Show file tree

Hide file tree

Showing 4 changed files with 6 additions and 7 deletions.
diff --git a/internal/api/token.go b/internal/api/token.go
@@ -31,7 +31,7 @@ type AccessTokenClaims struct {
 	AuthenticatorAssuranceLevel   string                 `json:"aal,omitempty"`
 	AuthenticationMethodReference []models.AMREntry      `json:"amr,omitempty"`
 	SessionId                     string                 `json:"session_id,omitempty"`
-	IsAnonymous                   bool                   `json:"is_anonymous,omitempty"`
+	IsAnonymous                   bool                   `json:"is_anonymous"`
 }
 
 // AccessTokenResponse represents an OAuth2 success response
@@ -336,6 +336,7 @@ func (a *API) generateAccessToken(r *http.Request, tx *storage.Connection, user
 		AuthenticatorAssuranceLevel: aal.String(),
 		SessionId:                   sid,
 		Role:                        user.Role,
+		IsAnonymous:                 user.IsAnonymous,
 	}
 
 	// add additional claims that are optional
@@ -351,8 +352,6 @@ func (a *API) generateAccessToken(r *http.Request, tx *storage.Connection, user
 			claims.UserMetaData = user.UserMetaData
 		case "amr":
 			claims.AuthenticationMethodReference = amr
-		case "is_anonymous":
-			claims.IsAnonymous = user.IsAnonymous
 		}
 	}
 

diff --git a/internal/api/token_test.go b/internal/api/token_test.go
@@ -862,7 +862,7 @@ func (ts *TokenTestSuite) TestConfigureAccessToken() {
 		additionalClaimsConfig []string
 		expectedClaims         []string
 	}
-	requiredClaims := []string{"aud", "exp", "iat", "sub", "role", "aal", "session_id", "user_metadata"}
+	requiredClaims := []string{"aud", "exp", "iat", "sub", "role", "aal", "session_id", "user_metadata", "is_anonymous"}
 	cases := []customAccessTokenTestcase{
 
 		{

diff --git a/internal/conf/configuration.go b/internal/conf/configuration.go
@@ -893,7 +893,7 @@ func (config *GlobalConfiguration) ApplyDefaults() error {
 	// also allow setting to default claims using the "default" keyword, making it possible to use
 	// this config as a binary flag "none" == use_mimimal_jwt == true, "default" == use_mimimal_jwt == false
 	if len(config.JWT.AdditionalClaims) == 0 || (len(config.JWT.AdditionalClaims) == 1 && config.JWT.AdditionalClaims[0] == "default") {
-		config.JWT.AdditionalClaims = []string{"email", "phone", "app_metadata", "user_metadata", "amr", "is_anonymous"}
+		config.JWT.AdditionalClaims = []string{"email", "phone", "app_metadata", "user_metadata", "amr"}
 	}
 
 	if config.JWT.Exp == 0 {

diff --git a/internal/hooks/auth_hooks.go b/internal/hooks/auth_hooks.go
@@ -94,7 +94,7 @@ const MinimumViableTokenSchema = `{
       "type": "string"
     }
   },
-  "required": ["aud", "exp", "iat", "sub", "email", "phone", "role", "aal", "session_id", "is_anonymous"]
+  "required": ["aud", "exp", "iat", "sub", "role", "aal", "session_id"]
 }`
 
 // AccessTokenClaims is a struct thats used for JWT claims
@@ -108,7 +108,7 @@ type AccessTokenClaims struct {
 	AuthenticatorAssuranceLevel   string                 `json:"aal,omitempty"`
 	AuthenticationMethodReference []models.AMREntry      `json:"amr,omitempty"`
 	SessionId                     string                 `json:"session_id,omitempty"`
-	IsAnonymous                   bool                   `json:"is_anonymous,omitempty"`
+	IsAnonymous                   bool                   `json:"is_anonymous"`
 }
 
 type MFAVerificationAttemptInput struct {