Skip to content

[TT-14359] fix nested scopes for identity base field #7522

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
andrei-tyk merged 7 commits into from
Nov 10, 2025

Merge branch 'master' into TT-14359-fix-nested-scopes-for-identity-ba…

2d93816
Select commit
Loading
Failed to load commit list.
Merged

[TT-14359] fix nested scopes for identity base field #7522

Merge branch 'master' into TT-14359-fix-nested-scopes-for-identity-ba…
2d93816
Select commit
Loading
Failed to load commit list.
probelabs / Visor: architecture failed Nov 10, 2025 in 6m 26s

🚨 Check Failed

architecture check failed because fail_if condition was met.

Details

📊 Summary

  • Total Issues: 2
  • Error Issues: 2

🔍 Failure Condition Results

❌ Failed Conditions

  • global_fail_if: Global failure condition met
    • ⚠️ Severity: Error

🐛 Issues by Category

🏗️ Architecture (1)

  • gateway/mw_jwt.go:1531 - The function getUserIDFromClaim duplicates the logic for looking up JWT claims that is already present in the new getClaimValue function. This violates the Don't Repeat Yourself (DRY) principle and introduces a maintenance burden. The function re-implements both literal and nested claim lookups to differentiate between a 'not found' claim and a 'found but empty' claim, a distinction that the getClaimValue helper abstracts away. This leads to redundant code that is difficult to maintain.

🧠 Logic (1)

  • system:0 - Global failure condition met

Powered by Visor from Probelabs

💡 TIP: You can chat with Visor using /visor ask <your question>

Annotations

Check failure on line 1548 in gateway/mw_jwt.go

See this annotation in the file changed.

@probelabs probelabs / Visor: architecture

architecture Issue 

The function `getUserIDFromClaim` duplicates the logic for looking up JWT claims that is already present in the new `getClaimValue` function. This violates the Don't Repeat Yourself (DRY) principle and introduces a maintenance burden. The function re-implements both literal and nested claim lookups to differentiate between a 'not found' claim and a 'found but empty' claim, a distinction that the `getClaimValue` helper abstracts away. This leads to redundant code that is difficult to maintain.
Raw output 
Refactor the claim lookup logic into a new, lower-level helper function that can be shared by both `getClaimValue` and `getUserIDFromClaim`. This new function should perform the raw lookup (both literal and nested) and return the `interface{}` value, allowing each caller to implement its own specific validation logic (e.g., checking for empty strings) without duplicating the lookup mechanism. This will improve separation of concerns and code reusability.
View more details on probelabs