additionalClaims claim should not be present when no sub claims are expected

Co-authored-by: Ryan Richard <richardry@vmware.com>
Co-authored-by: Benjamin A. Petersen <ben@benjaminapetersen.me>
Joshua Casey 2023-01-17 11:58:03 -06:00
parent 2633d72ce2
commit f494c61790


@ -2247,7 +2247,11 @@ func verifyTokenResponse(
require.ElementsMatch(t, wantDownstreamIDTokenGroups, idTokenClaims["groups"]) require.ElementsMatch(t, wantDownstreamIDTokenGroups, idTokenClaims["groups"])
// Check the "additionalClaims" claim. // Check the "additionalClaims" claim.
if len(wantDownstreamIDTokenAdditionalClaims) > 0 {
require.Equal(t, wantDownstreamIDTokenAdditionalClaims, idTokenClaims["additionalClaims"]) require.Equal(t, wantDownstreamIDTokenAdditionalClaims, idTokenClaims["additionalClaims"])
} else {
require.NotContains(t, idTokenClaims, "additionalClaims", "additionalClaims claim should not be present when no sub claims are expected")
}
// Some light verification of the other tokens that were returned. // Some light verification of the other tokens that were returned.
require.NotEmpty(t, tokenResponse.AccessToken) require.NotEmpty(t, tokenResponse.AccessToken)
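Review bot: The comment above the new `if`/`else` still reads only `// Check the "additionalClaims" claim.`, so the invariant that the `else` branch enforces is recorded only in the assertion message. I would state it in the comment, e.g. `// The "additionalClaims" claim must be omitted entirely, not emitted empty, when no additional claims are expected.`, because `len(wantDownstreamIDTokenAdditionalClaims) > 0` sends both a nil and an empty expectation to the absence check. The `require.Equal` branch compares against decoded token claims, so expected values presumably have to be written in their JSON-decoded form (for example float64 for numbers); that depends on how `idTokenClaims` is built, which is outside this hunk. `verifyTokenResponse` starts and ends outside the hunk.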