Process value received from jwt-role-claim-key

[yobottehg]

In a project were we currently work on and use PostgREST 12.2 and PostgreSQL 17 we receive the role in a "weird" format from the clients IDP.

I see that the supported formats are either "role1".or ["role1", "role2"] however we have something like "role1,a=b,c=d,..." where the string itself is too long for the PostgreSQL to use it as a whole for the role.

What would be the appropriate way to only use the first part until the first ","?

Would the recent addition of #3813 help us here?

Do we need to use db-pre-request and process the value "manually" for each request?

Thank you in advance for any hint!

[steve-chavez]

in a "weird" format from the clients IDP.
however we have something like "role1,a=b,c=d,..."

@yobottehg Can you share which service sends that string? Would like to know how generally useful would be adding this capability.

I don't think #3813 is enough, but maybe @taimoorzaeem can clarify?

[taimoorzaeem]

however we have something like "role1,a=b,c=d,..."

We support roles given in a JSON format and jwt-role-claim-key just extracts the role from the JSON. #3813 just provides a feature in which we compare the strings in JSON list when extracting role through jwt-role-claim-key. I am not familiar with the "weird" format above. @yobottehg Could you share more about the format perhaps we can find some workaround?

[yobottehg]

The client uses Ping identity as a facade for their active directory. I guess these "a=b, c=d, ..." entries are coming from the AD. In the mean while we requested the client to adapt the output to omit these params and everything is working now.