Skip to content

auth/oidc: test slice-typed extra claims comparison#1245

Merged
rdimitrov merged 3 commits intomainfrom
oidc-extra-claims-tests
May 4, 2026
Merged

auth/oidc: test slice-typed extra claims comparison#1245
rdimitrov merged 3 commits intomainfrom
oidc-extra-claims-tests

Conversation

@rdimitrov
Copy link
Copy Markdown
Member

@rdimitrov rdimitrov commented May 4, 2026
edited
Loading

Summary

Follow-up to #1238 (closes #988). Adds direct unit-test coverage for the claimMatches helper, which was the actual change in #1238.

claimMatches and toAnySlice are unexported, so the tests live in oidc_internal_test.go (package auth) — same pattern as http_internal_test.go. Cases covered:

  • scalar/scalar match and mismatch
  • scalar actual against array expected (both directions of overlap)
  • array actual against scalar expected
  • array/array — pre-auth/oidc: support slice-typed extra claims via overlap match #1238 this combination panicked with comparing uncomparable type []interface {}
  • []string typed slice (exercises the typed-slice branch of toAnySlice, which []any skips)
  • non-string scalars (int, bool)
  • empty actual array

Test values use single letters (x, y, p, q) rather than role labels — only the relationships matter, and short tokens keep goconst quiet.

Test plan

  • go test ./internal/api/handlers/v0/auth/... — all 13 subtests pass
  • golangci-lint run ./internal/api/handlers/v0/auth/... — no new issues vs main

rdimitrov added 3 commits May 4, 2026 13:39
@rdimitrov
auth/oidc: test slice-typed extra claims comparison
3c107c5 
Adds coverage for the value-type combinations claimMatches handles:
scalar/array (both directions), array/array overlap, []string-typed
claims, and missing-claim. Refactors shared config into testOIDCConfig
to keep new test cases concise.

Follow-up to #1238, addresses #988.
@rdimitrov
auth/oidc: drop unused goconst nolint directives
f9d6b7b 
The CI lint version (golangci-lint v2.11.4) doesn't trigger goconst on
these lines, so the //nolint:goconst comments were flagged as unused by
nolintlint.
@rdimitrov
auth/oidc: replace integration-style tests with focused unit tests
a1dee0b 
Drops the heavyweight ExchangeToken-based test cases added in earlier
commits on this branch. The actual change in #1238 is the claimMatches
helper, which is much simpler to cover with direct unit tests. Reverts
the existing oidc_test.go to its main-branch state and adds a new
oidc_internal_test.go (package auth) with table-driven cases for
scalar/array/[]string combinations.
@rdimitrov rdimitrov merged commit dfaa8f3 into main May 4, 2026
5 checks passed
@rdimitrov rdimitrov deleted the oidc-extra-claims-tests branch May 4, 2026 10:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Extra claims validation breaks for non-string claim values

1 participant

@rdimitrov