@bdehamer bdehamer (Collaborator) commented Sep 22, 2025

Summary

Addresses an issue in the signing logic where the incorrect claim was extracted from the OIDC token when calculating the proof-of-possession for Fulcio.

With the new logic, we'll first check for a (verified) email claim and use that value if present. If no email claim is present, it will fall back to using the sub claim.
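The claim-selection rule described above, as an added example that is not code from this PR or from sigstore-js: a verified email claim wins, otherwise the sub claim is used, and the returned string is the identity the signer carries into the Fulcio proof-of-possession. Everything here is constructed for illustration; in particular, the assumption that "verified" means `email_verified === true`, and the unsigned toy tokens, are not taken from the page. Decoding the payload does not validate the token; the token's signature and issuer must be checked before any claim from it is trusted.

```javascript
// Constructed helper: base64url-encode a JSON object for an unsigned toy token.
function b64url(obj) {
  return Buffer.from(JSON.stringify(obj)).toString('base64url');
}

// Build an unsigned three-part JWT from a payload (constructed sample data only;
// the empty third segment stands in for a signature that is not checked here).
function makeToken(payload) {
  return `${b64url({ alg: 'none', typ: 'JWT' })}.${b64url(payload)}.`;
}

// Decode the payload segment of a compact-serialized JWT.
// No signature verification happens here; that is a separate, mandatory step.
function decodePayload(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token: expected 3 segments');
  return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
}

// Select the identity string for the Fulcio proof-of-possession:
// a verified email claim if present, otherwise the sub claim.
// Assumption (not stated on the PR page): "verified" means email_verified === true.
function extractSubject(token) {
  const claims = decodePayload(token);
  if (typeof claims.email === 'string' && claims.email_verified === true) {
    return claims.email;
  }
  if (typeof claims.sub === 'string' && claims.sub.length > 0) {
    return claims.sub;
  }
  throw new Error('token carries neither a verified email claim nor a sub claim');
}

// Constructed sample tokens covering the three cases a signer will meet.
const workflowToken = makeToken({
  iss: 'https://token.actions.githubusercontent.com',   // constructed, no email claim
  sub: 'repo:example-org/example-repo:ref:refs/heads/main',
});
const verifiedEmailToken = makeToken({
  iss: 'https://idp.example',                           // constructed
  sub: 'user-1234',
  email: 'alice@example.com',
  email_verified: true,
});
const unverifiedEmailToken = makeToken({
  iss: 'https://idp.example',                           // constructed
  sub: 'user-1234',
  email: 'alice@example.com',
  email_verified: false,                                // email present but not verified
});

console.log(extractSubject(workflowToken));        // sub claim: no email claim present
console.log(extractSubject(verifiedEmailToken));   // verified email claim wins
console.log(extractSubject(unverifiedEmailToken)); // unverified email falls back to sub
```

The third case is the one worth keeping in mind when reviewing this kind of change: an email claim that is present but not marked verified is treated exactly like a missing one, so the certificate request is bound to the sub claim rather than to an address the identity provider never confirmed.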

@bdehamer bdehamer requested a review from a team as a code owner September 22, 2025 22:11
@changeset-bot changeset-bot bot commented Sep 22, 2025

🦋 Changeset detected

Latest commit: 619c77f

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package:

| Name | Type |
| --- | --- |
| @sigstore/sign | Patch |


Signed-off-by: Brian DeHamer <[email protected]>
@bdehamer bdehamer force-pushed the bdehamer/oidc-subject branch from 08f4905 to 619c77f September 22, 2025 22:12
@ejahnGithub ejahnGithub (Contributor) left a comment


lgtm

@bdehamer bdehamer merged commit 55ae624 into main Sep 23, 2025
23 checks passed
@bdehamer bdehamer deleted the bdehamer/oidc-subject branch September 23, 2025 16:19

4 participants