You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Revert 1dfb2e6. Removing when:null broke OIDC completely — JSON merge
patch merges objects recursively, so without when:null the base policy's
sk-oai-* restriction on X-MaaS-Username persists through the merge,
causing all OIDC requests to get 500 AUTH_FAILURE.
The when:null approach is correct per RFC 7386 (null removes keys).
The previous run proved it works (123/126 tests passed).
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
0 commit comments