OIDC: pass id_token via id_token_hint on Manage Account interaction (#12499)

* Store id_token rather than just id_token_claims Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> * Pass id_token via `id_token_hint` on `Manage Account` interaction Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> * Fix tests Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> --------- Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
2025-07-28 15:22:05 +03:00 · 2024-05-07 12:27:37 +01:00
parent e2310e637c
commit 580bb5537d
8 changed files with 89 additions and 33 deletions
--- a/test/Lifecycle-test.ts
+++ b/test/Lifecycle-test.ts
@ -657,13 +657,8 @@ describe("Lifecycle", () => {
            const issuer = "https://auth.com/";

            const delegatedAuthConfig = makeDelegatedAuthConfig(issuer);
-            const idTokenClaims = {
-                aud: "123",
-                iss: issuer,
-                sub: "123",
-                exp: 123,
-                iat: 456,
-            };
+            const idToken =
+                "eyJhbGciOiJSUzI1NiIsImtpZCI6Imh4ZEhXb0Y5bW4ifQ.eyJzdWIiOiIwMUhQUDJGU0JZREU5UDlFTU04REQ3V1pIUiIsImlzcyI6Imh0dHBzOi8vYXV0aC1vaWRjLmxhYi5lbGVtZW50LmRldi8iLCJpYXQiOjE3MTUwNzE5ODUsImF1dGhfdGltZSI6MTcwNzk5MDMxMiwiY19oYXNoIjoidGt5R1RhUjU5aTk3YXoyTU4yMGdidyIsImV4cCI6MTcxNTA3NTU4NSwibm9uY2UiOiJxaXhwM0hFMmVaIiwiYXVkIjoiMDFIWDk0Mlg3QTg3REgxRUs2UDRaNjI4WEciLCJhdF9oYXNoIjoiNFlFUjdPRlVKTmRTeEVHV2hJUDlnZyJ9.HxODneXvSTfWB5Vc4cf7b8GiN2gdwUuTiyVqZuupWske2HkZiJZUt5Lsxg9BW3gz28POkE0Ln17snlkmy02B_AD3DQxKOOxQCzIIARHdfFvZxgGWsMdFcVQZDW7rtXcqgj-SpVaUQ_8acsgxSrz_DF2o0O4tto0PT6wVUiw8KlBmgWTscWPeAWe-39T-8EiQ8Wi16h6oSPcz2NzOQ7eOM_S9fDkOorgcBkRGLl1nrahrPSdWJSGAeruk5mX4YxN714YThFDyEA2t9YmKpjaiSQ2tT-Xkd7tgsZqeirNs2ni9mIiFX3bRX6t2AhUNzA7MaX9ZyizKGa6go3BESO_oDg";

            beforeAll(() => {
                fetchMock.get(
@ -682,7 +677,7 @@ describe("Lifecycle", () => {
            beforeEach(() => {
                initSessionStorageMock();
                // set values in session storage as they would be after a successful oidc authentication
-                persistOidcAuthenticatedSettings(clientId, issuer, idTokenClaims);
+                persistOidcAuthenticatedSettings(clientId, issuer, idToken);
            });

            it("should not try to create a token refresher without a refresh token", async () => {
@ -712,7 +707,7 @@ describe("Lifecycle", () => {
                    clientId,
                    // @ts-ignore set undefined issuer
                    undefined,
-                    idTokenClaims,
+                    idToken,
                );
                await setLoggedIn({
                    ...credentials,
@ -744,7 +739,7 @@ describe("Lifecycle", () => {

            it("should create a client when creating token refresher fails", async () => {
                // set invalid value in session storage for a malformed oidc authentication
-                persistOidcAuthenticatedSettings(null as any, issuer, idTokenClaims);
+                persistOidcAuthenticatedSettings(null as any, issuer, idToken);

                // succeeded
                expect(