refactor: safer implementation for getting sid claim from id_token

2026-05-20 15:22:58 +00:00 · 2021-10-14 10:48:08 +02:00
parent 4d437063b9
commit d766e247a9
1 changed files with 11 additions and 2 deletions
--- a/pkg/token/token.go
+++ b/pkg/token/token.go
@@ -24,9 +24,18 @@ func (in *IDToken) Validate(opts ...jwt.ValidateOption) error {
 	return nil
 }

-func (in *IDToken) GetSID() (string, bool) {
+func (in *IDToken) GetSID() (string, error) {
 	sid, ok := in.Token.Get("sid")
-	return sid.(string), ok
+	if !ok {
+		return "", fmt.Errorf("missing required 'sid' claim in id_token")
+	}
+
+	sidString, ok := sid.(string)
+	if !ok {
+		return "", fmt.Errorf("'sid' claim is not a string")
+	}
+
+	return sidString, nil
 }

 func ParseIDToken(jwks jwk.Set, token *oauth2.Token) (*IDToken, error) {