From 2b730f1c32eb0f654de5124e3f0e215a7760490f Mon Sep 17 00:00:00 2001
From: Trong Huu Nguyen
Date: Thu, 14 Jul 2022 09:17:29 +0200
Subject: [PATCH] refactor(openid/client): scope is not required for client assertions
---
 pkg/openid/client/client.go | 1 -
 pkg/openid/client/client_test.go | 4 ----
 2 files changed, 5 deletions(-)
diff --git a/pkg/openid/client/client.go b/pkg/openid/client/client.go
index 76660b0..04a9327 100644
--- a/pkg/openid/client/client.go
+++ b/pkg/openid/client/client.go
@@ -114,7 +114,6 @@ func (c client) MakeAssertion(expiration time.Duration) (string, error) {
 errs = append(errs, tok.Set(jwt.IssuerKey, clientCfg.GetClientID()))
 errs = append(errs, tok.Set(jwt.SubjectKey, clientCfg.GetClientID()))
 errs = append(errs, tok.Set(jwt.AudienceKey, providerCfg.Issuer))
- errs = append(errs, tok.Set("scope", clientCfg.GetScopes().String()))
 errs = append(errs, tok.Set(jwt.IssuedAtKey, iat))
 errs = append(errs, tok.Set(jwt.ExpirationKey, exp))
 errs = append(errs, tok.Set(jwt.JwtIDKey, uuid.New().String()))
diff --git a/pkg/openid/client/client_test.go b/pkg/openid/client/client_test.go
index 465e9fd..27e2f3c 100644
--- a/pkg/openid/client/client_test.go
+++ b/pkg/openid/client/client_test.go
@@ -40,10 +40,6 @@ func TestMakeAssertion(t *testing.T) {
 assert.Equal(t, "some-client-id", assertion.Issuer())
 assert.Equal(t, "some-client-id", assertion.Subject())
 
- scps, ok := assertion.Get("scope")
- assert.True(t, ok)
- assert.Equal(t, "openid", scps)
-
 assert.True(t, assertion.IssuedAt().Before(time.Now()))
 assert.True(t, assertion.Expiration().After(time.Now()))
 assert.True(t, assertion.Expiration().Before(time.Now().Add(expiry)))