summaryrefslogtreecommitdiff
path: root/internal/oidc/discovery_test.go
diff options
context:
space:
mode:
Diffstat (limited to 'internal/oidc/discovery_test.go')
-rw-r--r--internal/oidc/discovery_test.go64
1 files changed, 49 insertions, 15 deletions
diff --git a/internal/oidc/discovery_test.go b/internal/oidc/discovery_test.go
index f9fa794dc..91c5cd6cf 100644
--- a/internal/oidc/discovery_test.go
+++ b/internal/oidc/discovery_test.go
@@ -181,12 +181,14 @@ func TestNewOpenIDConnectProvider_GetOpenIDConnectWellKnownConfiguration(t *test
assert.Len(t, disco.CodeChallengeMethodsSupported, 1)
assert.Contains(t, disco.CodeChallengeMethodsSupported, oidc.PKCEChallengeMethodSHA256)
- assert.Len(t, disco.ScopesSupported, 5)
+ assert.Len(t, disco.ScopesSupported, 7)
assert.Contains(t, disco.ScopesSupported, oidc.ScopeOpenID)
assert.Contains(t, disco.ScopesSupported, oidc.ScopeOfflineAccess)
assert.Contains(t, disco.ScopesSupported, oidc.ScopeProfile)
assert.Contains(t, disco.ScopesSupported, oidc.ScopeGroups)
assert.Contains(t, disco.ScopesSupported, oidc.ScopeEmail)
+ assert.Contains(t, disco.ScopesSupported, oidc.ScopeAddress)
+ assert.Contains(t, disco.ScopesSupported, oidc.ScopePhone)
assert.Len(t, disco.ResponseModesSupported, 7)
assert.Contains(t, disco.ResponseModesSupported, oidc.ResponseModeFormPost)
@@ -232,7 +234,7 @@ func TestNewOpenIDConnectProvider_GetOpenIDConnectWellKnownConfiguration(t *test
assert.Equal(t, []string{oidc.SigningAlgRSAUsingSHA256, oidc.SigningAlgNone}, disco.UserinfoSigningAlgValuesSupported)
assert.Equal(t, []string{oidc.SigningAlgRSAUsingSHA256, oidc.SigningAlgRSAUsingSHA384, oidc.SigningAlgRSAUsingSHA512, oidc.SigningAlgECDSAUsingP256AndSHA256, oidc.SigningAlgECDSAUsingP384AndSHA384, oidc.SigningAlgECDSAUsingP521AndSHA512, oidc.SigningAlgRSAPSSUsingSHA256, oidc.SigningAlgRSAPSSUsingSHA384, oidc.SigningAlgRSAPSSUsingSHA512, oidc.SigningAlgNone}, disco.RequestObjectSigningAlgValuesSupported)
- assert.Len(t, disco.ClaimsSupported, 18)
+ assert.Len(t, disco.ClaimsSupported, 33)
assert.Contains(t, disco.ClaimsSupported, oidc.ClaimAuthenticationMethodsReference)
assert.Contains(t, disco.ClaimsSupported, oidc.ClaimAudience)
assert.Contains(t, disco.ClaimsSupported, oidc.ClaimAuthorizedParty)
@@ -245,12 +247,27 @@ func TestNewOpenIDConnectProvider_GetOpenIDConnectWellKnownConfiguration(t *test
assert.Contains(t, disco.ClaimsSupported, oidc.ClaimSubject)
assert.Contains(t, disco.ClaimsSupported, oidc.ClaimAuthenticationTime)
assert.Contains(t, disco.ClaimsSupported, oidc.ClaimNonce)
- assert.Contains(t, disco.ClaimsSupported, oidc.ClaimPreferredEmail)
- assert.Contains(t, disco.ClaimsSupported, oidc.ClaimEmailVerified)
assert.Contains(t, disco.ClaimsSupported, oidc.ClaimEmailAlts)
assert.Contains(t, disco.ClaimsSupported, oidc.ClaimGroups)
- assert.Contains(t, disco.ClaimsSupported, oidc.ClaimPreferredUsername)
assert.Contains(t, disco.ClaimsSupported, oidc.ClaimFullName)
+ assert.Contains(t, disco.ClaimsSupported, oidc.ClaimGivenName)
+ assert.Contains(t, disco.ClaimsSupported, oidc.ClaimFamilyName)
+ assert.Contains(t, disco.ClaimsSupported, oidc.ClaimMiddleName)
+ assert.Contains(t, disco.ClaimsSupported, oidc.ClaimNickname)
+ assert.Contains(t, disco.ClaimsSupported, oidc.ClaimPreferredUsername)
+ assert.Contains(t, disco.ClaimsSupported, oidc.ClaimProfile)
+ assert.Contains(t, disco.ClaimsSupported, oidc.ClaimPicture)
+ assert.Contains(t, disco.ClaimsSupported, oidc.ClaimWebsite)
+ assert.Contains(t, disco.ClaimsSupported, oidc.ClaimEmail)
+ assert.Contains(t, disco.ClaimsSupported, oidc.ClaimEmailVerified)
+ assert.Contains(t, disco.ClaimsSupported, oidc.ClaimGender)
+ assert.Contains(t, disco.ClaimsSupported, oidc.ClaimBirthdate)
+ assert.Contains(t, disco.ClaimsSupported, oidc.ClaimZoneinfo)
+ assert.Contains(t, disco.ClaimsSupported, oidc.ClaimLocale)
+ assert.Contains(t, disco.ClaimsSupported, oidc.ClaimPhoneNumber)
+ assert.Contains(t, disco.ClaimsSupported, oidc.ClaimPhoneNumberVerified)
+ assert.Contains(t, disco.ClaimsSupported, oidc.ClaimAddress)
+ assert.Contains(t, disco.ClaimsSupported, oidc.ClaimUpdatedAt)
assert.Len(t, disco.PromptValuesSupported, 4)
assert.Contains(t, disco.PromptValuesSupported, oidc.PromptConsent)
@@ -295,12 +312,14 @@ func TestNewOpenIDConnectProvider_GetOAuth2WellKnownConfiguration(t *testing.T)
require.Len(t, disco.CodeChallengeMethodsSupported, 1)
assert.Equal(t, "S256", disco.CodeChallengeMethodsSupported[0])
- assert.Len(t, disco.ScopesSupported, 5)
- assert.Contains(t, disco.ScopesSupported, oidc.ScopeOpenID)
+ assert.Len(t, disco.ScopesSupported, 7)
assert.Contains(t, disco.ScopesSupported, oidc.ScopeOfflineAccess)
+ assert.Contains(t, disco.ScopesSupported, oidc.ScopeOpenID)
assert.Contains(t, disco.ScopesSupported, oidc.ScopeProfile)
- assert.Contains(t, disco.ScopesSupported, oidc.ScopeGroups)
assert.Contains(t, disco.ScopesSupported, oidc.ScopeEmail)
+ assert.Contains(t, disco.ScopesSupported, oidc.ScopeAddress)
+ assert.Contains(t, disco.ScopesSupported, oidc.ScopePhone)
+ assert.Contains(t, disco.ScopesSupported, oidc.ScopeGroups)
assert.Len(t, disco.ResponseModesSupported, 7)
assert.Contains(t, disco.ResponseModesSupported, oidc.ResponseModeFormPost)
@@ -337,7 +356,7 @@ func TestNewOpenIDConnectProvider_GetOAuth2WellKnownConfiguration(t *testing.T)
assert.Contains(t, disco.GrantTypesSupported, oidc.GrantTypeClientCredentials)
assert.Contains(t, disco.GrantTypesSupported, oidc.GrantTypeRefreshToken)
- assert.Len(t, disco.ClaimsSupported, 18)
+ assert.Len(t, disco.ClaimsSupported, 33)
assert.Contains(t, disco.ClaimsSupported, oidc.ClaimAuthenticationMethodsReference)
assert.Contains(t, disco.ClaimsSupported, oidc.ClaimAudience)
assert.Contains(t, disco.ClaimsSupported, oidc.ClaimAuthorizedParty)
@@ -345,17 +364,32 @@ func TestNewOpenIDConnectProvider_GetOAuth2WellKnownConfiguration(t *testing.T)
assert.Contains(t, disco.ClaimsSupported, oidc.ClaimExpirationTime)
assert.Contains(t, disco.ClaimsSupported, oidc.ClaimIssuedAt)
assert.Contains(t, disco.ClaimsSupported, oidc.ClaimIssuer)
+ assert.Contains(t, disco.ClaimsSupported, oidc.ClaimSubject)
assert.Contains(t, disco.ClaimsSupported, oidc.ClaimJWTID)
assert.Contains(t, disco.ClaimsSupported, oidc.ClaimRequestedAt)
- assert.Contains(t, disco.ClaimsSupported, oidc.ClaimSubject)
assert.Contains(t, disco.ClaimsSupported, oidc.ClaimAuthenticationTime)
assert.Contains(t, disco.ClaimsSupported, oidc.ClaimNonce)
- assert.Contains(t, disco.ClaimsSupported, oidc.ClaimPreferredEmail)
- assert.Contains(t, disco.ClaimsSupported, oidc.ClaimEmailVerified)
- assert.Contains(t, disco.ClaimsSupported, oidc.ClaimEmailAlts)
assert.Contains(t, disco.ClaimsSupported, oidc.ClaimGroups)
- assert.Contains(t, disco.ClaimsSupported, oidc.ClaimPreferredUsername)
assert.Contains(t, disco.ClaimsSupported, oidc.ClaimFullName)
+ assert.Contains(t, disco.ClaimsSupported, oidc.ClaimGivenName)
+ assert.Contains(t, disco.ClaimsSupported, oidc.ClaimFamilyName)
+ assert.Contains(t, disco.ClaimsSupported, oidc.ClaimMiddleName)
+ assert.Contains(t, disco.ClaimsSupported, oidc.ClaimNickname)
+ assert.Contains(t, disco.ClaimsSupported, oidc.ClaimPreferredUsername)
+ assert.Contains(t, disco.ClaimsSupported, oidc.ClaimProfile)
+ assert.Contains(t, disco.ClaimsSupported, oidc.ClaimPicture)
+ assert.Contains(t, disco.ClaimsSupported, oidc.ClaimWebsite)
+ assert.Contains(t, disco.ClaimsSupported, oidc.ClaimEmail)
+ assert.Contains(t, disco.ClaimsSupported, oidc.ClaimEmailVerified)
+ assert.Contains(t, disco.ClaimsSupported, oidc.ClaimEmailAlts)
+ assert.Contains(t, disco.ClaimsSupported, oidc.ClaimGender)
+ assert.Contains(t, disco.ClaimsSupported, oidc.ClaimBirthdate)
+ assert.Contains(t, disco.ClaimsSupported, oidc.ClaimZoneinfo)
+ assert.Contains(t, disco.ClaimsSupported, oidc.ClaimLocale)
+ assert.Contains(t, disco.ClaimsSupported, oidc.ClaimPhoneNumber)
+ assert.Contains(t, disco.ClaimsSupported, oidc.ClaimPhoneNumberVerified)
+ assert.Contains(t, disco.ClaimsSupported, oidc.ClaimAddress)
+ assert.Contains(t, disco.ClaimsSupported, oidc.ClaimUpdatedAt)
}
func TestNewOpenIDConnectProvider_GetOpenIDConnectWellKnownConfigurationWithPlainPKCE(t *testing.T) {
@@ -472,7 +506,7 @@ func TestNewOpenIDConnectWellKnownConfiguration_Copy(t *testing.T) {
RequestParameterSupported: true,
RequestURIParameterSupported: true,
RequireRequestURIRegistration: true,
- ClaimsParameterSupported: false,
+ ClaimsParameterSupported: true,
},
OpenIDConnectFrontChannelLogoutDiscoveryOptions: &oidc.OpenIDConnectFrontChannelLogoutDiscoveryOptions{
FrontChannelLogoutSupported: false,