From 9ea5ddc45f6663e8719115650828b20b100c7809 Mon Sep 17 00:00:00 2001 From: chrislu Date: Wed, 27 Aug 2025 22:12:48 -0700 Subject: [PATCH] populate the issuerToProvider --- weed/iam/sts/sts_service.go | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/weed/iam/sts/sts_service.go b/weed/iam/sts/sts_service.go index 0bd8229b0..9cd4c4956 100644 --- a/weed/iam/sts/sts_service.go +++ b/weed/iam/sts/sts_service.go @@ -262,6 +262,19 @@ func (s *STSService) loadProvidersFromConfig(config *STSConfig) error { // Replace current providers with new ones s.providers = providersMap + // Also populate the issuerToProvider map for efficient and secure JWT validation + s.issuerToProvider = make(map[string]providers.IdentityProvider) + for name, provider := range s.providers { + issuer := s.extractIssuerFromProvider(provider) + if issuer != "" { + if _, exists := s.issuerToProvider[issuer]; exists { + glog.Warningf("Duplicate issuer %s found for provider %s. Overwriting.", issuer, name) + } + s.issuerToProvider[issuer] = provider + glog.V(2).Infof("Registered provider %s with issuer %s for efficient lookup", name, issuer) + } + } + glog.V(1).Infof("Successfully loaded %d identity providers: %v", len(s.providers), s.getProviderNames())