From b82a4d3b71cbf91ad136b433d48868c80098ee4a Mon Sep 17 00:00:00 2001
From: Nicola Murino
Date: Sun, 13 Feb 2022 09:45:17 +0100
Subject: [PATCH] id token: allow to set claims
Signed-off-by: Nicola Murino
---
 oidc/oidc.go | 10 ++++++++++
 oidc/oidc_test.go | 12 ++++++++++++
 2 files changed, 22 insertions(+)
diff --git a/oidc/oidc.go b/oidc/oidc.go
index 3e1d80e0..eee3565f 100644
--- a/oidc/oidc.go
+++ b/oidc/oidc.go
@@ -368,6 +368,16 @@ func (i *IDToken) Claims(v interface{}) error {
 return json.Unmarshal(i.claims, v)
 }
+// WithClaims returns a new IDToken that's a clone of i, but using
+// provided claims. This is only intended for test cases or very
+// specific use cases
+func (i *IDToken) WithClaims(claims []byte) *IDToken {
+ i2 := new(IDToken)
+ *i2 = *i
+ i2.claims = claims
+ return i2
+}
+
 // VerifyAccessToken verifies that the hash of the access token that corresponds to the iD token
 // matches the hash in the id token. It returns an error if the hashes don't match.
 // It is the caller's responsibility to ensure that the optional access token hash is present for the ID token
diff --git a/oidc/oidc_test.go b/oidc/oidc_test.go
index 26352082..91209935 100644
--- a/oidc/oidc_test.go
+++ b/oidc/oidc_test.go
@@ -10,6 +10,7 @@ import (
 "strings"
 "testing"
+ "github.com/stretchr/testify/assert"
 "golang.org/x/oauth2"
 )
@@ -519,3 +520,14 @@ func TestUserInfoEndpoint(t *testing.T) {
 }
 }
+
+func TestIDTokenWithClaims(t *testing.T) {
+ idToken := IDToken{
+ Issuer: "accounts.google.com",
+ claims: []byte(`{"iss":"accounts.google.com"}`),
+ }
+ idTokenWithClaims := idToken.WithClaims([]byte(`{"iss":"accounts.google.com","aud":"client1"}`))
+ assert.Equal(t, idToken.Issuer, idTokenWithClaims.Issuer)
+ assert.Equal(t, []byte(`{"iss":"accounts.google.com"}`), idToken.claims)
+ assert.Equal(t, []byte(`{"iss":"accounts.google.com","aud":"client1"}`), idTokenWithClaims.claims)
+}
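Review bot: `WithClaims` lets any caller replace the raw claims of an already-verified token with bytes that were never covered by the signature, and the shallow copy `*i2 = *i` keeps every other field of the original, so the clone cannot be told apart from a token the verifier produced. After the call, `Claims` decodes the supplied bytes while fields such as `Issuer` still hold the original values, so the two views of the token can disagree. The doc comment should state this explicitly, for example `// The supplied claims are not verified and the token's other fields are not updated to match them; do not base authorization decisions on the result.` The method also stores the caller's slice as is; `i2.claims = append([]byte(nil), claims...)` would keep later writes to that slice from changing the token. A nil receiver panics at `*i2 = *i`, which is worth either guarding or documenting.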
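Review bot: The new import `github.com/stretchr/testify/assert` brings in a third-party test dependency, but the diffstat lists only `oidc/oidc.go` and `oidc/oidc_test.go`, so `go.mod` and `go.sum` are not updated in this commit. Unless the module already requires testify, the test package will not build. Either add the requirement in the same commit or write the checks with the standard library, e.g. `if string(got.claims) != want { t.Errorf("claims = %s, want %s", got.claims, want) }`.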
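Review bot: `TestIDTokenWithClaims` compares only the private `claims` field and `Issuer`; it never calls `Claims` on the clone, so the behaviour callers actually depend on is not covered. Decoding the clone with `Claims` into a small struct and checking that `aud` is `client1` would cover it. Since `WithClaims` stores the slice it is given, the test could also modify the input slice after the call and pin the expected result, so the aliasing behaviour is a deliberate choice rather than an accident.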