root/golib
1
0
Fork 0
mirror of https://github.com/therootcompany/golib.git synced 2026-03-31 10:07:59 +00:00
Code Issues Projects Releases Wiki Activity

test(jwt): assert arrays are invalid for SpaceDelimited scope

Browse Source 
Scope must be a space-delimited string per RFC 6749 §3.3, not a JSON
array. Adds [] and ["openid","profile"] cases to the existing invalid
sub-test with a comment explaining the likely root cause: an issuer
using []string instead of SpaceDelimited in its claims struct.
This commit is contained in:
AJ ONeal 2026-03-30 17:25:32 -06:00
parent 23ddc5b0ea
commit 77c256a9c2
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
auth/jwt/coverage_test.go
View File

@ -220,11 +220,20 @@ func TestCov_SpaceDelimited_UnmarshalJSON(t *testing.T) {
t.Fatalf("expected empty, got %v", s)
}
})
// Scope must be a space-delimited string per RFC 6749 §3.3, not a number or
// JSON array. If a token arrives with "scope":[] the issuer has a bug (e.g.
// using []string instead of SpaceDelimited in its claims struct).
t.Run("invalid", func(t *testing.T) {
var s SpaceDelimited
if err := json.Unmarshal([]byte(`123`), &s); err == nil {
t.Fatal("expected error")
}
if err := json.Unmarshal([]byte(`[]`), &s); err == nil {
t.Fatal("expected error")
}
if err := json.Unmarshal([]byte(`["openid","profile"]`), &s); err == nil {
t.Fatal("expected error")
}
})
}