OIDC: persist id token claims (#11691)

* persist idTokenClaims * tests * remove unused cde
2025-07-30 02:21:17 +03:00 · 2023-10-04 17:06:04 +13:00
parent 1c553eae4e
commit feb7e9899b
6 changed files with 70 additions and 24 deletions
--- a/test/utils/oidc/authorize-test.ts
+++ b/test/utils/oidc/authorize-test.ts
@ -104,15 +104,24 @@ describe("OIDC authorization", () => {
        };

        beforeEach(() => {
-            mocked(completeAuthorizationCodeGrant).mockClear().mockResolvedValue({
-                oidcClientSettings: {
-                    clientId,
-                    issuer,
-                },
-                tokenResponse,
-                homeserverUrl,
-                identityServerUrl,
-            });
+            mocked(completeAuthorizationCodeGrant)
+                .mockClear()
+                .mockResolvedValue({
+                    oidcClientSettings: {
+                        clientId,
+                        issuer,
+                    },
+                    tokenResponse,
+                    homeserverUrl,
+                    identityServerUrl,
+                    idTokenClaims: {
+                        aud: "123",
+                        iss: issuer,
+                        sub: "123",
+                        exp: 123,
+                        iat: 456,
+                    },
+                });
        });

        it("should throw when query params do not include state and code", async () => {
@ -137,6 +146,7 @@ describe("OIDC authorization", () => {
                identityServerUrl,
                issuer,
                clientId,
+                idTokenClaims: result.idTokenClaims,
            });
        });
    });
--- a/test/utils/oidc/persistOidcSettings-test.ts
+++ b/test/utils/oidc/persistOidcSettings-test.ts
@ -14,6 +14,8 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */

+import { IdTokenClaims } from "oidc-client-ts";
+
 import {
    getStoredOidcClientId,
    getStoredOidcTokenIssuer,
@ -29,12 +31,25 @@ describe("persist OIDC settings", () => {

    const clientId = "test-client-id";
    const issuer = "https://auth.org/";
+    const idTokenClaims: IdTokenClaims = {
+        // audience is this client
+        aud: "123",
+        // issuer matches
+        iss: issuer,
+        sub: "123",
+        exp: 123,
+        iat: 456,
+    };

    describe("persistOidcAuthenticatedSettings", () => {
        it("should set clientId and issuer in session storage", () => {
-            persistOidcAuthenticatedSettings(clientId, issuer);
+            persistOidcAuthenticatedSettings(clientId, issuer, idTokenClaims);
            expect(sessionStorage.setItem).toHaveBeenCalledWith("mx_oidc_client_id", clientId);
            expect(sessionStorage.setItem).toHaveBeenCalledWith("mx_oidc_token_issuer", issuer);
+            expect(sessionStorage.setItem).toHaveBeenCalledWith(
+                "mx_oidc_id_token_claims",
+                JSON.stringify(idTokenClaims),
+            );
        });
    });

@ -50,7 +65,7 @@ describe("persist OIDC settings", () => {
        });
    });

-    describe("Name of the group", () => {
+    describe("getStoredOidcClientId()", () => {
        it("should return clientId from session storage", () => {
            jest.spyOn(sessionStorage.__proto__, "getItem").mockReturnValue(clientId);
            expect(getStoredOidcClientId()).toEqual(clientId);