mirrors/forgejo
1
0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2025-08-31 14:36:47 +00:00
Code Issues Projects Releases Packages Wiki Activity

fix: remove trailing slash from the issuer in oauth claims (#8028)

Browse source 
- Trim the ending slash '/' from the URL used in the OpenID Connect "well_known" endpoint and in the JWT tokens issued by Forgejo.
- This makes it compliant with the OpenID specification. https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig
- Resolves #7941

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8028
Reviewed-by: Lucas <sclu1034@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: jmaasing <jmaasing@noreply.codeberg.org>
Co-committed-by: jmaasing <jmaasing@noreply.codeberg.org>
This commit is contained in:
jmaasing 2025-06-10 20:46:17 +02:00 committed by Gusted
commit 5391f43888
4 changed files with 20 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

2
routers/web/auth/oauth_test.go
View file

@ -51,6 +51,7 @@ func TestNewAccessTokenResponse_OIDCToken(t *testing.T) {
// Scopes: openid
oidcToken := createAndParseToken(t, grants[0])
assert.Equal(t, "https://try.gitea.io", oidcToken.RegisteredClaims.Issuer)
assert.Empty(t, oidcToken.Name)
assert.Empty(t, oidcToken.PreferredUsername)
assert.Empty(t, oidcToken.Profile)
@ -67,6 +68,7 @@ func TestNewAccessTokenResponse_OIDCToken(t *testing.T) {
// Scopes: openid profile email
oidcToken = createAndParseToken(t, grants[0])
assert.Equal(t, "https://try.gitea.io", oidcToken.RegisteredClaims.Issuer)
assert.Equal(t, "User Five", oidcToken.Name)
assert.Equal(t, "user5", oidcToken.PreferredUsername)
assert.Equal(t, "https://try.gitea.io/user5", oidcToken.Profile)