From b9cc476eb7aa57ed6714654e6036c73c9d105919 Mon Sep 17 00:00:00 2001 From: Dan Cech Date: Thu, 11 Apr 2019 06:30:55 -0700 Subject: [PATCH] Update jwt regexp to include = (#16521) Fixes #16501 --- pkg/login/social/generic_oauth.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/login/social/generic_oauth.go b/pkg/login/social/generic_oauth.go index a97d58334c7..7a128481f35 100644 --- a/pkg/login/social/generic_oauth.go +++ b/pkg/login/social/generic_oauth.go @@ -231,7 +231,7 @@ func (s *SocialGenericOAuth) extractToken(data *UserInfoJson, token *oauth2.Toke return false } - jwtRegexp := regexp.MustCompile("^([-_a-zA-Z0-9]+)[.]([-_a-zA-Z0-9]+)[.]([-_a-zA-Z0-9]+)$") + jwtRegexp := regexp.MustCompile("^([-_a-zA-Z0-9=]+)[.]([-_a-zA-Z0-9=]+)[.]([-_a-zA-Z0-9=]+)$") matched := jwtRegexp.FindStringSubmatch(idToken.(string)) if matched == nil { s.log.Debug("id_token is not in JWT format", "id_token", idToken.(string))