jira: update jira JWT subject per Atlassian's recent GDPR changes

Recently, Atlassian decided to remove `userKey` from JWT construction b/c they determined that it could contain personally identifiable information. They've since switched to the user account ID. This change updates the jira JWT to reflect these recent change. Fixes golang/oauth2#312 Change-Id: I4bd66cf925fdf38e02dd665befb5ab5f19f14ee7 GitHub-Last-Rev: 344bb6046c GitHub-Pull-Request: golang/oauth2#389 Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/185081 Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org> Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org>
2019-11-22 19:50:22 +00:00
parent 0f29369cfe
commit 5d9234df09
2 changed files with 5 additions and 5 deletions
--- a/jira/jira.go
+++ b/jira/jira.go
@@ -81,7 +81,7 @@ func (js jwtSource) Token() (*oauth2.Token, error) {
 	exp := time.Duration(59) * time.Second
 	claimSet := &ClaimSet{
 		Issuer:       fmt.Sprintf("urn:atlassian:connect:clientid:%s", js.conf.ClientID),
-		Subject:      fmt.Sprintf("urn:atlassian:connect:userkey:%s", js.conf.Subject),
+		Subject:      fmt.Sprintf("urn:atlassian:connect:useraccountid:%s", js.conf.Subject),
 		InstalledURL: js.conf.BaseURL,
 		AuthURL:      js.conf.Endpoint.AuthURL,
 		IssuedAt:     time.Now().Unix(),