client auth tests

client.go

@@ -394,7 +394,7 @@ type RequestedAudienceImplicitClient interface {
 type IntrospectionJWTResponseClient interface {
 	// GetIntrospectionSignedResponseKeyID returns the specific key identifier used to satisfy JWS requirements for
 	// OAuth 2.0 JWT introspection response specifications. If unspecified the other available parameters will be
-	//	// utilized to select an appropriate key.
+	// utilized to select an appropriate key.
 	GetIntrospectionSignedResponseKeyID() (kid string)
 
 	// GetIntrospectionSignedResponseAlg is equivalent to the 'introspection_signed_response_alg' client metadata
@@ -405,7 +405,7 @@ type IntrospectionJWTResponseClient interface {
 
 	// GetIntrospectionEncryptedResponseKeyID returns the specific key identifier used to satisfy JWE requirements for
 	// OAuth 2.0 JWT introspection response specifications. If unspecified the other available parameters will be
-	//	// utilized to select an appropriate key.
+	// utilized to select an appropriate key.
 	GetIntrospectionEncryptedResponseKeyID() (kid string)
 
 	// GetIntrospectionEncryptedResponseAlg is equivalent to the 'introspection_encrypted_response_alg' client metadata

token/jwt/claims_map_test.go

@@ -9,6 +9,7 @@ import (
 	"time"
 
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 
 	"authelia.com/provider/oauth2/internal/consts"
 )
@@ -143,7 +144,7 @@ func TestMapClaims_VerifyAudienceAll(t *testing.T) {
 			true,
 		},
 		{
-			"ShouldFailMultipleAny",
+			"ShouldFailMultipleAll",
 			MapClaims{
 				consts.ClaimAudience: []string{"foo"},
 			},
@@ -273,7 +274,7 @@ func TestMapClaims_VerifyAudienceAny(t *testing.T) {
 			true,
 		},
 		{
-			"ShouldFailMultipleAny",
+			"ShouldPassMultipleAny",
 			MapClaims{
 				consts.ClaimAudience: []string{"foo"},
 			},
@@ -864,7 +865,7 @@ func TestMapClaims_Valid(t *testing.T) {
 		{
 			"ShouldFailEXPNotPresent",
 			MapClaims{},
-			[]ClaimValidationOption{ValidateRequireExpiresAt()},
+			[]ClaimValidationOption{ValidateRequireExpiresAt(), ValidateTimeFunc(func() time.Time { return time.Unix(0, 0) })},
 			[]uint32{ValidationErrorExpired},
 			"Token is expired",
 		},
@@ -995,6 +996,8 @@ func TestMapClaims_Valid(t *testing.T) {
 
 				errors.As(actual, &e)
 
+				require.NotNil(t, e)
+
 				var errs uint32
 
 				for _, err := range tc.errs {

token/jwt/client.go

@@ -420,7 +420,7 @@ func (r *decoratedJWTProfileAccessTokenClient) IsClientSigned() (is bool) {
 type IntrospectionClient interface {
 	// GetIntrospectionSignedResponseKeyID returns the specific key identifier used to satisfy JWS requirements for
 	// OAuth 2.0 JWT introspection response specifications. If unspecified the other available parameters will be
-	//	// utilized to select an appropriate key.
+	// utilized to select an appropriate key.
 	GetIntrospectionSignedResponseKeyID() (kid string)
 
 	// GetIntrospectionSignedResponseAlg is equivalent to the 'introspection_signed_response_alg' client metadata
@@ -431,7 +431,7 @@ type IntrospectionClient interface {
 
 	// GetIntrospectionEncryptedResponseKeyID returns the specific key identifier used to satisfy JWE requirements for
 	// OAuth 2.0 JWT introspection response specifications. If unspecified the other available parameters will be
-	//	// utilized to select an appropriate key.
+	// utilized to select an appropriate key.
 	GetIntrospectionEncryptedResponseKeyID() (kid string)
 
 	// GetIntrospectionEncryptedResponseAlg is equivalent to the 'introspection_encrypted_response_alg' client metadata