Copilot AI commented Oct 12, 2025

Summary

Fixes the issue where the mock OAuth2 server was not returning an email claim in the ID token. The ID token now includes the email claim along with the standard OpenID Connect claims.

Changes

The GenerateIDToken function has been updated to accept an email parameter and include it in the token claims. The email is automatically generated based on the client ID using the format {clientID}@example.com.

Before

ID tokens contained only these claims:

  • aud, exp, iat, iss, nonce, sub

After

ID tokens now include:

  • aud, exp, iat, iss, nonce, sub, email

Example

When a client exchanges an authorization code for tokens with client ID test-client, the decoded ID token payload now looks like:

{
  "iss": "http://localhost:8080",
  "sub": "user-test-client",
  "aud": "test-client",
  "exp": 1760286080,
  "iat": 1760282480,
  "nonce": "randomNonce123",
  "email": "test-client@example.com"
}

Testing

  • Updated all existing tests to pass the email parameter
  • Added verification that the email claim is present in generated ID tokens
  • All tests pass successfully with no regressions

Files Modified

  • internal/jwt/jwt.go - Added email parameter to GenerateIDToken and included email in claims
  • internal/jwt/jwt_test.go - Updated tests to verify email claim
  • internal/handlers/token.go - Updated to generate and pass email based on client ID
  • pkg/oauth/google.go - Updated OAuth provider to include email in ID tokens
Original prompt

This section details the original issue you should resolve

<issue_title>should return email in claims</issue_title>
<issue_description>The mock server should return email in the id token claims - it is currently only returning

```
aud, exp, iat, iss, nonce, sub
```</issue_description>

## Comments on the Issue (you are @copilot in this section)

<comments>
</comments>

Fixes #6
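
An added example, not part of this pull request or the project's code: a Go test helper that decodes an ID token's payload and checks the claim set and the `{clientID}@example.com` email format described above. `CheckMockIDToken` and `SampleToken` are hypothetical names, the sample token is constructed, and the signature is deliberately not verified.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

// Claims the PR description lists for the mock ID token after the change.
var requiredClaims = []string{"aud", "exp", "iat", "iss", "nonce", "sub", "email"}

// CheckMockIDToken (hypothetical helper) decodes the payload of a compact JWT
// and checks the claim set. It does not verify the signature: test use only.
func CheckMockIDToken(token, clientID string) (map[string]any, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, fmt.Errorf("expected 3 JWT segments, got %d", len(parts))
	}
	raw, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil {
		return nil, fmt.Errorf("payload is not base64url: %w", err)
	}
	var claims map[string]any
	if err := json.Unmarshal(raw, &claims); err != nil {
		return nil, fmt.Errorf("payload is not JSON: %w", err)
	}
	for _, name := range requiredClaims {
		if _, ok := claims[name]; !ok {
			return nil, fmt.Errorf("missing claim %q", name)
		}
	}
	if want := clientID + "@example.com"; claims["email"] != want {
		return nil, fmt.Errorf("email = %v, want %q", claims["email"], want)
	}
	return claims, nil
}

// SampleToken builds a constructed token with a placeholder signature segment.
func SampleToken(payload map[string]any) string {
	body, _ := json.Marshal(payload)
	enc := base64.RawURLEncoding
	return enc.EncodeToString([]byte(`{"typ":"JWT"}`)) + "." + enc.EncodeToString(body) + ".c2ln"
}

func main() {
	p := map[string]any{"iss": "http://localhost:8080", "sub": "user-test-client", "aud": "test-client", "exp": 1760286080, "iat": 1760282480, "nonce": "randomNonce123", "email": "test-client@example.com"}
	_, err := CheckMockIDToken(SampleToken(p), "test-client")
	fmt.Println("check error:", err)
}
```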



Copilot AI changed the title from "[WIP] Add email to claims in mock server's id token" to "Add email claim to ID token" Oct 12, 2025
Copilot AI requested a review from chrisw-dev October 12, 2025 15:23
Copilot finished work on behalf of chrisw-dev October 12, 2025 15:23
@chrisw-dev chrisw-dev marked this pull request as ready for review October 12, 2025 20:07
@chrisw-dev chrisw-dev merged commit 97de52b into main Oct 12, 2025
1 check passed
@chrisw-dev chrisw-dev deleted the copilot/add-email-to-id-token-claims branch October 12, 2025 20:08