From c6820ba88a24df28bd2c6e542183f845b22a900f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tim=20M=C3=B6hlmann?=
Date: Wed, 15 Mar 2023 15:44:49 +0200
Subject: [PATCH] fix: unmarshalling of scopes in access token (#327)
The Scopes field in accessTokenClaims should be a SpaceDelimitedArray, in order to allow for correct unmarshalling.
Fixes #318
* adjust test data
---
 pkg/oidc/regression_data/oidc.AccessTokenClaims.json | 5 +----
 pkg/oidc/token.go | 4 ++--
 2 files changed, 3 insertions(+), 6 deletions(-)
diff --git a/pkg/oidc/regression_data/oidc.AccessTokenClaims.json b/pkg/oidc/regression_data/oidc.AccessTokenClaims.json
index e4f7808..b63bf30 100644
--- a/pkg/oidc/regression_data/oidc.AccessTokenClaims.json
+++ b/pkg/oidc/regression_data/oidc.AccessTokenClaims.json
@@ -13,10 +13,7 @@
 "some",
 "methods"
 ],
- "scope": [
- "email",
- "phone"
- ],
+ "scope": "email phone",
 "client_id": "777",
 "exp": 12345,
 "iat": 12000,
diff --git a/pkg/oidc/token.go b/pkg/oidc/token.go
index 1ade913..b017023 100644
--- a/pkg/oidc/token.go
+++ b/pkg/oidc/token.go
@@ -97,8 +97,8 @@ func (c *TokenClaims) SetSignatureAlgorithm(algorithm jose.SignatureAlgorithm) {
 type AccessTokenClaims struct {
 TokenClaims
- Scopes []string `json:"scope,omitempty"`
- Claims map[string]any `json:"-"`
+ Scopes SpaceDelimitedArray `json:"scope,omitempty"`
+ Claims map[string]any `json:"-"`
 }
 func NewAccessTokenClaims(issuer, subject string, audience []string, expiration time.Time, jwtid, clientID string, skew time.Duration) *AccessTokenClaims {
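Review bot: The new `Scopes SpaceDelimitedArray` field in `AccessTokenClaims` changes the `scope` claim in both directions, and nothing in this hunk shows what happens to a token whose `scope` is still a JSON array, the form the old `[]string` field produced and the old regression fixture used. `SpaceDelimitedArray` is defined outside the hunk, so this is inferred, but if its unmarshaller rejects or mis-splits the array form, access tokens issued before the upgrade would either fail to parse or reach authorization checks with the wrong scope set. A regression case for the array form would pin the intended behaviour, whether that is accepting both encodings or rejecting the array with a clear error. The field also deserves a comment stating the contract, for example `// Scopes is serialized as a single space-delimited string in the "scope" claim (RFC 8693 section 4.2).`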