Drop any query string from the admin tokens

This commit makes sure the admin token audience is passed without a query string (or any fragment).
2022-04-18 15:18:23 -07:00 · 2022-04-18 15:18:23 -07:00 · 4770b405ba
commit 4770b405ba
parent 50a271edca
1 changed files with 7 additions and 0 deletions
--- a/ca/adminClient.go
+++ b/ca/adminClient.go
@ -90,6 +90,13 @@ func (c *AdminClient) generateAdminToken(aud *url.URL) (string, error) {
 		return "", err
 	}

+	// Drop any query string parameter from the token audience
+	aud = &url.URL{
+		Scheme: aud.Scheme,
+		Host:   aud.Host,
+		Path:   aud.Path,
+	}
+
 	now := time.Now()
 	tokOptions := []token.Options{
 		token.WithJWTID(jwtID),