From 148ec1e2e051c84631ab84fd9db8479433a3c532 Mon Sep 17 00:00:00 2001 From: James Elliott Date: Sat, 9 Apr 2022 09:35:13 +1000 Subject: [PATCH] fix(oidc): missing amr claim supported in discovery (#3147) This adds the AMR claim to discovery. --- internal/oidc/discovery.go | 1 + internal/oidc/provider_test.go | 6 ++++-- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/internal/oidc/discovery.go b/internal/oidc/discovery.go index f2619969d..730da07f9 100644 --- a/internal/oidc/discovery.go +++ b/internal/oidc/discovery.go @@ -30,6 +30,7 @@ func NewOpenIDConnectWellKnownConfiguration(enablePKCEPlainChallenge, pairwise b ScopeEmail, }, ClaimsSupported: []string{ + "amr", "aud", "exp", "iat", diff --git a/internal/oidc/provider_test.go b/internal/oidc/provider_test.go index 17784eee6..e06b05552 100644 --- a/internal/oidc/provider_test.go +++ b/internal/oidc/provider_test.go @@ -170,7 +170,8 @@ func TestOpenIDConnectProvider_NewOpenIDConnectProvider_GetOpenIDConnectWellKnow assert.Contains(t, disco.RequestObjectSigningAlgValuesSupported, "RS256") assert.Contains(t, disco.RequestObjectSigningAlgValuesSupported, "none") - assert.Len(t, disco.ClaimsSupported, 15) + assert.Len(t, disco.ClaimsSupported, 16) + assert.Contains(t, disco.ClaimsSupported, "amr") assert.Contains(t, disco.ClaimsSupported, "aud") assert.Contains(t, disco.ClaimsSupported, "exp") assert.Contains(t, disco.ClaimsSupported, "iat") @@ -244,8 +245,9 @@ func TestOpenIDConnectProvider_NewOpenIDConnectProvider_GetOAuth2WellKnownConfig assert.Contains(t, disco.ResponseTypesSupported, "code token id_token") assert.Contains(t, disco.ResponseTypesSupported, "none") - assert.Len(t, disco.ClaimsSupported, 15) + assert.Len(t, disco.ClaimsSupported, 16) assert.Contains(t, disco.ClaimsSupported, "aud") + assert.Contains(t, disco.ClaimsSupported, "amr") assert.Contains(t, disco.ClaimsSupported, "exp") assert.Contains(t, disco.ClaimsSupported, "iat") assert.Contains(t, disco.ClaimsSupported, "iss")