From 113ccbfe4a9d8694c8d92d8c3d56477c3da15d8b Mon Sep 17 00:00:00 2001
From: Chris Lu <chris.lu@gmail.com>
Date: Mon, 12 Jan 2026 00:07:24 -0800
Subject: [PATCH] fix(iam/ldap): populate standard TokenClaims fields in
 ValidateToken

- Set Subject, Issuer, Audience, IssuedAt, and ExpiresAt to satisfy the interface
- Use time.Time for timestamps as required by TokenClaims struct
- Default to 1 hour TTL for LDAP tokens
---
 weed/iam/ldap/ldap_provider.go | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/weed/iam/ldap/ldap_provider.go b/weed/iam/ldap/ldap_provider.go
index 0506e34ed..f4ac2a565 100644
--- a/weed/iam/ldap/ldap_provider.go
+++ b/weed/iam/ldap/ldap_provider.go
@@ -554,8 +554,16 @@ func (p *LDAPProvider) ValidateToken(ctx context.Context, token string) (*provid
 		return nil, err
 	}
 
+	// Populate standard TokenClaims fields for interface compliance
+	now := time.Now()
+	ttl := 1 * time.Hour // Default TTL for LDAP tokens
+
 	return &providers.TokenClaims{
-		Subject: identity.UserID,
+		Subject:   identity.UserID,
+		Issuer:    p.name,
+		Audience:  p.name,
+		IssuedAt:  now,
+		ExpiresAt: now.Add(ttl),
 		Claims: map[string]interface{}{
 			"email":    identity.Email,
 			"name":     identity.DisplayName,