feat(op): allow scope without openid

This changes removes the requirement of the openid scope to be set for all token requests. As this library also support OAuth2-only authentication mechanisms we still want to sanitize requested scopes, but not enforce the openid scope. Related to https://github.com/zitadel/zitadel/discussions/8068
2024-06-12 11:06:52 +02:00 · 2024-06-12 11:06:52 +02:00 · 0c1430724f
commit 0c1430724f
parent 9ecdd0cf9a
2 changed files with 8 additions and 36 deletions
--- a/pkg/op/auth_request_test.go
+++ b/pkg/op/auth_request_test.go
@ -137,11 +137,6 @@ func TestValidateAuthRequest(t *testing.T) {
 			args{&oidc.AuthRequest{}, mock.NewMockStorageExpectValidClientID(t), nil},
 			oidc.ErrInvalidRequest(),
 		},
-		{
-			"scope openid missing fails",
-			args{&oidc.AuthRequest{Scopes: []string{"profile"}}, mock.NewMockStorageExpectValidClientID(t), nil},
-			oidc.ErrInvalidScope(),
-		},
 		{
 			"response_type missing fails",
 			args{&oidc.AuthRequest{Scopes: []string{"openid"}}, mock.NewMockStorageExpectValidClientID(t), nil},
@ -287,16 +282,6 @@ func TestValidateAuthReqScopes(t *testing.T) {
 				err: true,
 			},
 		},
-		{
-			"scope openid missing fails",
-			args{
-				mock.NewClientExpectAny(t, op.ApplicationTypeWeb),
-				[]string{"email"},
-			},
-			res{
-				err: true,
-			},
-		},
 		{
 			"scope ok",
 			args{