chore: prevent authentication of non-unique oidc subjects (#16498)

Any IdP returning an empty `sub` claim breaks the assumption that the subject id is unique per user. The OIDC spec defines `sub` as a required, locally unique identifier within the issuer, so an empty value is never valid.
This commit is contained in:
Steven Masley
2025-02-10 09:31:08 -06:00
committed by GitHub
parent 695d552cd0
commit d0a534e30d
6 changed files with 92 additions and 1 deletions


@ -10,6 +10,7 @@ import (
"testing"
"github.com/golang-jwt/jwt/v4"
"github.com/google/uuid"
"github.com/imulab/go-scim/pkg/v2/handlerutil"
"github.com/imulab/go-scim/pkg/v2/spec"
"github.com/stretchr/testify/assert"
@ -568,6 +569,7 @@ func TestScim(t *testing.T) {
//nolint:bodyclose
scimUserClient, _ := fake.Login(t, client, jwt.MapClaims{
"email": sUser.Emails[0].Value,
"sub": uuid.NewString(),
})
scimUser, err = scimUserClient.User(ctx, codersdk.Me)
require.NoError(t, err)
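Review bot: No visible test asserts the behavior this commit introduces, that a login whose claims omit `sub` (or carry an empty one) is rejected; this hunk only adds a well-formed `sub` so the existing SCIM flow keeps passing, and the rejection itself lives in one of the files not shown here. A negative case next to this login, calling `fake.Login` without `sub` and asserting the failure however the fake surfaces it, would pin the fix and guard against a regression that silently re-admits empty subjects. I would also document the fixture line so the next copy of this login does not drop it: `// "sub" is required: logins without a unique OIDC subject are rejected.` TestScim starts and ends outside this hunk.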
@ -836,6 +838,7 @@ func TestScim(t *testing.T) {
//nolint:bodyclose
scimUserClient, _ := fake.Login(t, client, jwt.MapClaims{
"email": sUser.Emails[0].Value,
"sub": uuid.NewString(),
})
scimUser, err = scimUserClient.User(ctx, codersdk.Me)
require.NoError(t, err)
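Review bot: This login fixture is now the second verbatim copy of the one changed earlier in the same test (same `email` and freshly generated `sub` claims, same `//nolint:bodyclose`), and the `sub` claim is easy to forget in the next copy because the test reads fine without it until the server rejects the login. A small test-local helper that takes the email, builds the claims with `uuid.NewString()` for `sub` and returns the logged-in client would keep the required claim in one place and make the intent explicit. TestScim starts and ends outside this hunk.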