openshift · openshift-merge-bot · Mar 12, 2024 · Mar 12, 2024
diff --git a/pkg/auth/auth_handler_test_utils.go b/pkg/auth/auth_handler_test_utils.go
@@ -34,7 +34,7 @@ func GetTokenAndCert(withLateIat bool) (string, []byte) {
 		"email":          "jdoe123@example.com",
 		"username":       "jdoe123@example.com",
 		"is_org_admin":   false,
-		"clientId":       "1234",
+		"client_id":      "1234",
 	}
 	if withLateIat {
 		mapClaims["iat"] = time.Now().Add(5 * time.Minute).Unix()

diff --git a/pkg/auth/rhsso_authenticator.go b/pkg/auth/rhsso_authenticator.go
@@ -133,7 +133,14 @@ func parseOCMPayload(userToken *jwt.Token) (*ocm.AuthPayload, error) {
 	payload.LastName, _ = claims["last_name"].(string)
 	payload.Organization, _ = claims["org_id"].(string)
 	payload.Email, _ = claims["email"].(string)
-	payload.ClientID, _ = claims["clientId"].(string)
+
+	// The `clientId` claim was replaced by `client_id` in order to be compliant with the OAuth2
+	// specification. We will still try to use the old `clientId` claim to support older
+	// environments where the change hasn't been made yet.
+	payload.ClientID, _ = claims["client_id"].(string)
+	if payload.ClientID == "" {
+		payload.ClientID, _ = claims["clientId"].(string)
+	}
 
 	// Check values, if empty, use alternative claims from RHD
 	if payload.Username == "" {