From d766e247a9022e4b61a0bd861d8bb222aea20995 Mon Sep 17 00:00:00 2001
From: Trong Huu Nguyen
Date: Thu, 14 Oct 2021 10:48:08 +0200
Subject: [PATCH] refactor: safer implementation for getting sid claim from id_token
---
 pkg/token/token.go | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/pkg/token/token.go b/pkg/token/token.go
index f5f9321..a8d8baa 100644
--- a/pkg/token/token.go
+++ b/pkg/token/token.go
@@ -24,9 +24,18 @@ func (in *IDToken) Validate(opts ...jwt.ValidateOption) error {
 return nil
 }
 
-func (in *IDToken) GetSID() (string, bool) {
+func (in *IDToken) GetSID() (string, error) {
 sid, ok := in.Token.Get("sid")
- return sid.(string), ok
+ if !ok {
+ return "", fmt.Errorf("missing required 'sid' claim in id_token")
+ }
+
+ sidString, ok := sid.(string)
+ if !ok {
+ return "", fmt.Errorf("'sid' claim is not a string")
+ }
+
+ return sidString, nil
 }
 
 func ParseIDToken(jwks jwk.Set, token *oauth2.Token) (*IDToken, error) {
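Review bot: An empty string still passes both checks in the new `GetSID`, so a token carrying `"sid": ""` is returned as a valid session ID with a nil error. If callers use this value as a session key or for logout matching (not visible in this diff), empty values from different tokens would all resolve to the same entry; rejecting it before the final return closes that gap: `if sidString == "" { return "", fmt.Errorf("'sid' claim is empty") }`. Neither error message uses a format verb, so package-level sentinels built with `errors.New` (for example `ErrMissingSID`) would let callers and logs tell a missing claim from a malformed one via `errors.Is`. The second return value changes from `bool` to `error` while the patch touches only `pkg/token/token.go`, so any call sites have to be updated outside this diff.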