test(jwt): document why arrays are invalid for SpaceDelimited scope

Scope is a space-delimited string per RFC 6749 §3.3. A token with "scope":[] indicates an issuer bug ([]string instead of SpaceDelimited in the claims struct). Adds array cases to the existing invalid test and explains the expected root cause.
2026-03-28 18:15:30 +00:00 · 2026-03-26 18:21:28 -06:00 · 2026-03-26 18:21:28 -06:00 · d83751ad50
commit d83751ad50
parent 95cf5941c4
1 changed files with 5 additions and 8 deletions
--- a/auth/jwt/coverage_test.go
+++ b/auth/jwt/coverage_test.go
@ -220,22 +220,19 @@ func TestCov_SpaceDelimited_UnmarshalJSON(t *testing.T) {
 			t.Fatalf("expected empty, got %v", s)
 		}
 	})
 	// Scope must be a space-delimited string per RFC 6749 §3.3, not a number or
 	// JSON array. If a token arrives with "scope":[] the issuer has a bug (e.g.
 	// using []string instead of SpaceDelimited in its claims struct).
 	t.Run("invalid", func(t *testing.T) {
 		var s SpaceDelimited
 		if err := json.Unmarshal([]byte(`123`), &s); err == nil {
 			t.Fatal("expected error")
 		}
 	})
 	// Scope must be a space-delimited string per RFC 6749 §3.3, not a JSON array.
 	// If a token arrives with "scope":[] it means the issuer has a bug (e.g. using
 	// []string instead of SpaceDelimited in its claims struct).
 	t.Run("array_is_invalid", func(t *testing.T) {
 		var s SpaceDelimited
 		if err := json.Unmarshal([]byte(`[]`), &s); err == nil {
-			t.Fatal("expected error for array-typed scope; issuer may have a []string bug")
+			t.Fatal("expected error")
 		}
 		if err := json.Unmarshal([]byte(`["openid","profile"]`), &s); err == nil {
-			t.Fatal("expected error for array-typed scope; issuer may have a []string bug")
+			t.Fatal("expected error")
 		}
 	})
 }