From 6ec147bc83de8b5091dbffcfd2f17e28d81d209d Mon Sep 17 00:00:00 2001
From: HadleySo <71105018+HadleySo@users.noreply.github.com>
Date: Wed, 18 Mar 2026 22:41:00 -0500
Subject: [PATCH] require username claim in JWT

---
 application/controllers/Header_auth.php | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/application/controllers/Header_auth.php b/application/controllers/Header_auth.php
index 032a515eb..c510a90ec 100644
--- a/application/controllers/Header_auth.php
+++ b/application/controllers/Header_auth.php
@@ -259,6 +259,10 @@ class Header_auth extends CI_Controller {
             log_message('error', 'SSO Authentication: Missing email or callsign claim in access token.');
             $this->_sso_error();
         }
+        if (empty($mapped['user_name'])) {
+            log_message('error', 'SSO Authentication: Missing username claim in access token.');
+            $this->_sso_error();
+        }
 
         // $club_id = $this->config->item('auth_header_club_id', 'sso') ?: ''; // TODO: Add support to add a user to a clubstation