feat: add JSON object support for ctx in token generation#176
Open
samsternberg wants to merge 1 commit intoskyflowapi:mainfrom
Open
feat: add JSON object support for ctx in token generation#176samsternberg wants to merge 1 commit intoskyflowapi:mainfrom
samsternberg wants to merge 1 commit intoskyflowapi:mainfrom
Conversation
…d data token generation
Extend the Go SDK's bearer token and signed data token generation to accept
a map[string]interface{} for the Ctx field, in addition to the existing
string type. This enables structured context for conditional data access
policies where ctx object keys map to Skyflow CEL policy variables
(e.g., request.context.role, request.context.department).
Changes:
- common.go: widen Ctx fields to interface{} on BearerTokenOptions,
SignedDataTokensOptions, and Credentials.Context
- helpers.go: add ValidateAndResolveCtx() function with key validation
(^[a-zA-Z0-9_]+$), update both token generation paths to use it
- vault_controller.go: update nil check for Context (was != "")
- message.go: add EMPTY_CONTEXT, INVALID_CTX_TYPE, INVALID_CTX_MAP_KEY
- Samples: add JSON object context example
- README: document both string and map ctx patterns with CEL policy
variable mapping
Technical note: golang-jwt/jwt/v4's MapClaims automatically serializes
map[string]interface{} as a JSON object in the JWT payload. No custom
serialization needed.
No test regressions (59 passed / 12 failed — same as main branch).
Resolves: SK-2680, DOCU-1439
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Collaborator
|
Unit tests are missing for |
| } | ||
| // ValidateAndResolveCtx validates the ctx value and returns the resolved value for JWT claims. | ||
| // Returns (nil, nil) if ctx should be omitted, (value, nil) if valid, or (nil, error) if invalid. | ||
| var ctxKeyPattern = regexp.MustCompile(`^[a-zA-Z0-9_]+$`) |
Collaborator
There was a problem hiding this comment.
Use constants instead hard-coded strings
4 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
map[string]interface{}for theCtxfield, in addition to the existingstringtyperequest.context.role,request.context.department, etc.)ValidateAndResolveCtx()helper with key validation (^[a-zA-Z0-9_]+$for CEL compatibility)map[string]interface{}as a JSON object in JWT payloadCtxfields onBearerTokenOptions,SignedDataTokensOptions, andCredentials.Contexttointerface{}INVALID_CTX_TYPE,INVALID_CTX_MAP_KEY,EMPTY_CONTEXTTest plan
go test ./internal/helpers/...— no regressions vs main (59 pass / 12 pre-existing fail)go test ./serviceaccount/...— no regressions vs main (14 pass / 3 pre-existing fail)go build ./...— compiles cleanResolves: SK-2680, DOCU-1439
🤖 Generated with Claude Code