🚀 Feature: Ability to have custom claims be non-string objects #359

Closed
opened 2025-10-08 00:05:04 +03:00 by OVERLORD · 5 comments
Owner

Originally created by @gray-morley on GitHub.

Feature description

I would like the ability to define a custom claim as either String, List, or JSON.

Pitch

I have an application that expects either a list or a json object from the custom claims. Currently pocket id is causing a failure because it converts what we type in the UI to a string. Thus when the application tries to read the claim, it throws a parsing error.

Specifically, my application in use is Audiobookshelf with custom login claims.

Thanks

OVERLORD added the feature label 2025-10-08 00:05:04 +03:00

@stonith404 commented on GitHub:

Alright, thanks. I'll look into it.


@stonith404 commented on GitHub:

Can you share for which feature Audiobookshelf needs an object of a custom claim?


@gray-morley commented on GitHub:

Sure,

Here’s a screenshot of the claim that expects a json object:

Image

This results in the following error:

2025-02-05 03:14:19.019 ERROR [Auth] openid callback error: Unexpected permission property: 0
Error: Unexpected permission property: 0
    at /server/models/User.js:845:15
    at Array.forEach (<anonymous>)
    at User.updatePermissionsFromExternalJSON (/server/models/User.js:842:33)
    at Auth.updateUserPermissions (/server/Auth.js:333:20)
    at OpenIDConnectStrategy._verify (/server/Auth.js:157:24)
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)

Claim response looks like the following (set up in pocket id):
Using a group claim:
Claim name: abspermissions
Claim value: { "canDownload": true, "canUpload": false, "canDelete": false, "canUpdate": false, "canAccessExplicitContent": true, "canAccessAllLibraries": true, "canAccessAllTags": false, "canCreateEReader": false, "tagsAreDenylist": true, "allowedTags": [ "Test" ] }

In Audiobookshelf logs, it receives:
[Auth] openid callback userinfo= { "abspermissions": "{ \"canDownload\": true, \"canUpload\": false, \"canDelete\": false, \"canUpdate\": false, \"canAccessExplicitContent\": true, \"canAccessAllLibraries\": true, \"canAccessAllTags\": false, \"canCreateEReader\": false, \"tagsAreDenylist\": true, \"allowedTags\": [ \"Test\" ] }", "email": "XXXXXX", "email_verified": true, "family_name": "XXXXXX", "given_name": "XXXXX", "name": "XXXXXXXX", "preferred_username": "XXXXXXX", "sub": "XXXXXXXX" }

As you can see, the abspermissions value is wrapped in quotes
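
Added example, not part of the original comment and not Audiobookshelf or Pocket ID code: a relying-party check that type-validates a permissions claim and fails closed instead of applying it partially. It also shows that a key loop over a string claim sees character indexes, which is consistent with the "Unexpected permission property: 0" error above. The function names and the `allowStringEncoded` switch are assumptions; the key names come from the claim value posted in the thread.

```javascript
'use strict';
// Added example: hypothetical relying-party check, not Audiobookshelf or Pocket ID code.
// Key names are taken from the claim value posted in the thread.
const BOOLEAN_KEYS = new Set(['canDownload', 'canUpload', 'canDelete', 'canUpdate',
  'canAccessExplicitContent', 'canAccessAllLibraries', 'canAccessAllTags',
  'canCreateEReader', 'tagsAreDenylist']);
const STRING_LIST_KEYS = new Set(['allowedTags']);

// What a naive key loop sees: for a string claim the "properties" are character indexes.
function firstKeySeen(claim) {
  return Object.keys(claim)[0];
}

// Returns a validated copy of the permissions object or throws; never applies a partial set.
// allowStringEncoded (assumption: an opt-in compatibility switch) decodes a JSON string once.
function parsePermissionsClaim(claim, { allowStringEncoded = false } = {}) {
  let value = claim;
  if (typeof value === 'string') {
    if (!allowStringEncoded) throw new TypeError('permissions claim is a string, expected a JSON object');
    try { value = JSON.parse(value); } catch { throw new TypeError('permissions claim string is not valid JSON'); }
  }
  if (value === null || typeof value !== 'object' || Array.isArray(value)) {
    throw new TypeError('permissions claim must be a JSON object');
  }
  const validated = {};
  for (const [key, v] of Object.entries(value)) {
    if (BOOLEAN_KEYS.has(key)) {
      if (typeof v !== 'boolean') throw new TypeError(`${key} must be a boolean`);
    } else if (STRING_LIST_KEYS.has(key)) {
      if (!Array.isArray(v) || !v.every((t) => typeof t === 'string')) {
        throw new TypeError(`${key} must be a list of strings`);
      }
    } else {
      throw new TypeError(`unexpected permission property: ${key}`);
    }
    validated[key] = v;
  }
  return validated;
}

// Constructed userinfo fragments: the string form from the thread (shortened) and the object form.
const asString = { abspermissions: '{ "canDownload": true, "allowedTags": [ "Test" ] }' };
const asObject = { abspermissions: { canDownload: true, allowedTags: ['Test'] } };

console.log(firstKeySeen(asString.abspermissions));
console.log(parsePermissionsClaim(asObject.abspermissions));
console.log(parsePermissionsClaim(asString.abspermissions, { allowStringEncoded: true }));
```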


@stonith404 commented on GitHub:

Added in v0.29.0.


@gray-morley commented on GitHub:

Thanks

Reference: starred/pocket-id-pocket-id-1#359