Claim checking seems broken #48

@marcvs

Using AIO, and setting this claim:

    @flaat.requires(
        get_claim_requirement(  # the user needs to satisfy this requirement (having one of the email claims)
            ["[email protected]", "[email protected]"],
            claim="email",
            match=1,
        ),
    )

plus having this claim in my userinfo:

    "email": "[email protected]",

Still gives me:

    marcus@nemo 0 ~/projects/flaat master|✚2…2 $ http localhost:8080/authorized_claim "Authorization: Bearer `oidc-token egi`"
    HTTP/1.1 403 Forbidden
    Content-Length: 416
    Content-Type: application/json; charset=utf-8
    Date: Fri, 25 Feb 2022 14:46:23 GMT
    Server: Python/3.9 aiohttp/3.8.1

    {
        "error": "Forbidden",
        "error_description": "User d7a53cbe3e966c53ac64fde7355956560282158ecac8f3d2c770b474862f4756@egi.eu@https://aai.egi.eu/oidc/ does not meet requirements",
        "error_details": {
            "check": "OneOf: No sub-requirements are satisfied",
            "check_details": [
                "User has no claim 'email' with value: '[email protected]' // '[email protected]'",
                "User has no claim 'email' with value: '[email protected]' // '[email protected]'"
            ]
        }
    }

the values after // are the actual claim value; added as a debug output to the code ...
