From: Pedro Gonzalez Gomez <pegonzal@ibm.com>
Date: Thu, 7 May 2026 19:55:15 +0000 (+0200)
Subject: mgr/dashboard: fix missing claims on oauth2 sso
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=d63d2bfe589c8230c3a1c7c8e746c99c6df45571;p=ceph.git

mgr/dashboard: fix missing claims on oauth2 sso

Fixes: https://tracker.ceph.com/issues/76479
Signed-off-by: Pedro Gonzalez Gomez <pegonzal@ibm.com>
---

diff --git a/src/pybind/mgr/dashboard/services/auth/oauth2.py b/src/pybind/mgr/dashboard/services/auth/oauth2.py
index b000c2f75baf..d7ffabb57238 100644
--- a/src/pybind/mgr/dashboard/services/auth/oauth2.py
+++ b/src/pybind/mgr/dashboard/services/auth/oauth2.py
@@ -130,13 +130,16 @@ class OAuth2(SSOAuth):
             raise cherrypy.HTTPError()
         try:
             user = mgr.ACCESS_CTRL_DB.create_user(
-                jwt_payload['sub'], None, jwt_payload['name'], jwt_payload['email'])
+                jwt_payload['sub'], None, jwt_payload.get('name', None), jwt_payload.get('email', None))
         except UserAlreadyExists:
             logger.debug("User already exists")
             user = mgr.ACCESS_CTRL_DB.get_user(jwt_payload['sub'])
+        except KeyError as e:
+            raise cherrypy.HTTPError(500, f'Invalid token payload: {e}')
+
         user.set_roles(cls.get_user_roles())
         # set user last update to token time issued
-        user.last_update = jwt_payload['iat']
+        user.last_update = jwt_payload.get('iat', 0)
         cherrypy.request.user = user
 
     @classmethod