Make OAuth2 issuer configurable (#35915) (#35916)

Backport #35915 by wxiaoguang
2025-11-11 00:12:25 +08:00
parent db876d8f17
commit 327f2207dc
4 changed files with 35 additions and 13 deletions
--- a/services/oauth2_provider/access_token.go
+++ b/services/oauth2_provider/access_token.go
@@ -112,8 +112,12 @@ func NewJwtRegisteredClaimsFromUser(clientID string, grantUserID int64, exp *jwt
 	// to retrieve the configuration information. This MUST also be identical to the "iss" Claim value in ID Tokens issued from this Issuer.
 	// * https://accounts.google.com/.well-known/openid-configuration
 	// * https://github.com/login/oauth/.well-known/openid-configuration
+	issuer := setting.OAuth2.JWTClaimIssuer
+	if issuer == "" {
+		issuer = strings.TrimSuffix(setting.AppURL, "/")
+	}
 	return jwt.RegisteredClaims{
-		Issuer:    strings.TrimSuffix(setting.AppURL, "/"),
+		Issuer:    issuer,
 		Audience:  []string{clientID},
 		Subject:   strconv.FormatInt(grantUserID, 10),
 		ExpiresAt: exp,