Closed ymarcus93 closed 5 months ago
hey @ymarcus93 thanks for the fix and totally agree on that. Since `scope` and depending on the authentication also `client_id` and `client_secret` are optional, I'd add the `omitempty` tag there as well.
@livio-a Rebased and pushed b03e835 with `omitempty` on `scope`, `client_id`, and `client_secret`
All modified and coverable lines are covered by tests :white_check_mark:
Project coverage is 62.04%. Comparing base (0992c5f) to head (b03e835). Report is 56 commits behind head on main.
:tada: This PR is included in version 3.23.2 :tada:
The release is available on GitHub release
Your semantic-release bot :package::rocket:
The OIDC spec's definition of a refresh request does not include `client_assertion` or `client_assertion_type` as valid parameters for the refresh request. See request format here: https://openid.net/specs/openid-connect-core-1_0.html#RefreshingAccessToken. The document only displays `client_id`, `client_secret`, `grant_type`, `refresh_token`, and `scope` as acceptable parameters.

Therefore, I propose we add the `omitempty` tags to the `ClientAssertion` and `ClientAssertionType` fields in `RefreshTokenRequest`, so that the token refresh functionality provided by `rp.RefreshTokens` can work with identity providers that may have additional logic or different expectations when these fields are included in the refresh token request.

For example, when attempting to construct an OIDC client via `rp.RelyingParty` against an Okta identity provider, I ran into issues when performing refresh with `rp.RefreshTokens`. The Okta identity provider returned `http status not ok: 400 Bad Request {"error":"invalid_request","error_description":"The client_assertion_type is invalid."}` as an error. I assume I'm receiving this error because I'm calling the `RefreshTokens` func with `clientAssertion=""` and `clientAssertionType=""`; the addition of the `omitempty` tags resolves this issue and hopefully future proofs this library against other identity providers that have the same behavior.

Definition of Ready
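
The effect of the `omitempty` tags described in this pull request, as an added example that is not part of the original PR or the library's code. `refreshBefore`, `refreshAfter` and `encodeForm` are hypothetical stand-ins (a minimal standard-library encoder, not the library's own) that show which parameters reach the token endpoint when the assertion fields are empty.

```go
package main

import (
	"fmt"
	"net/url"
	"reflect"
	"strings"
)

// Constructed stand-ins for the refresh request before and after the change;
// field names and tags follow the PR text, not the library source.
type refreshBefore struct {
	RefreshToken        string `schema:"refresh_token"`
	ClientAssertion     string `schema:"client_assertion"`
	ClientAssertionType string `schema:"client_assertion_type"`
	GrantType           string `schema:"grant_type"`
}

type refreshAfter struct {
	RefreshToken        string `schema:"refresh_token"`
	ClientAssertion     string `schema:"client_assertion,omitempty"`
	ClientAssertionType string `schema:"client_assertion_type,omitempty"`
	GrantType           string `schema:"grant_type"`
}

// encodeForm is a minimal stand-in encoder (assumption): it emits every string
// field unless the tag carries omitempty and the value is empty.
func encodeForm(v interface{}) url.Values {
	out := url.Values{}
	rv := reflect.ValueOf(v)
	for i := 0; i < rv.NumField(); i++ {
		parts := strings.SplitN(rv.Type().Field(i).Tag.Get("schema"), ",", 2)
		val := rv.Field(i).String()
		if val == "" && len(parts) == 2 && parts[1] == "omitempty" {
			continue // empty optional parameter never reaches the wire
		}
		out.Set(parts[0], val)
	}
	return out
}

func main() {
	// "rt-constructed" is a constructed sample token value.
	before := encodeForm(refreshBefore{RefreshToken: "rt-constructed", GrantType: "refresh_token"})
	after := encodeForm(refreshAfter{RefreshToken: "rt-constructed", GrantType: "refresh_token"})
	fmt.Println("before:", before.Encode())
	fmt.Println("after: ", after.Encode())
}
```

The "before" body carries `client_assertion_type=` with an empty value, which is the kind of parameter the quoted Okta error rejects; the "after" body contains only the parameters that were actually set.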