diff options
Diffstat (limited to 'spec/requests/openid_connect_spec.rb')
-rw-r--r-- | spec/requests/openid_connect_spec.rb | 27 |
1 files changed, 25 insertions, 2 deletions
diff --git a/spec/requests/openid_connect_spec.rb b/spec/requests/openid_connect_spec.rb index 785ab98a3d0..7b682d76150 100644 --- a/spec/requests/openid_connect_spec.rb +++ b/spec/requests/openid_connect_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -describe 'OpenID Connect requests' do +RSpec.describe 'OpenID Connect requests' do let(:user) do create( :user, @@ -146,8 +146,16 @@ describe 'OpenID Connect requests' do expect(@payload['auth_time']).to eq user.current_sign_in_at.to_i end + it 'has public email in email claim' do + expect(@payload['email']).to eq(user.public_email) + end + + it 'has true in email_verified claim' do + expect(@payload['email_verified']).to eq(true) + end + it 'does not include any unknown properties' do - expect(@payload.keys).to eq %w[iss sub aud exp iat auth_time sub_legacy] + expect(@payload.keys).to eq %w[iss sub aud exp iat auth_time sub_legacy email email_verified] end end @@ -211,5 +219,20 @@ describe 'OpenID Connect requests' do expect(json_response['email_verified']).to eq(true) end end + + context 'ID token payload' do + before do + request_access_token! + @payload = JSON::JWT.decode(json_response['id_token'], :skip_verification) + end + + it 'has private email in email claim' do + expect(@payload['email']).to eq(user.email) + end + + it 'has true in email_verified claim' do + expect(@payload['email_verified']).to eq(true) + end + end end end |