Trek_CN/server/tests/unit
Julien G. 7798d2a3fd
fix(oidc): normalize id_token iss claim before issuer comparison (#837)
jwt.verify does an exact string match on the issuer. Providers like
Authentik include a trailing slash in the id_token iss claim while the
configured issuer is already normalized (no trailing slash), causing
every login attempt to fail with jwt issuer invalid.

Move the issuer check out of jwt.verify options and apply the same
trailing-slash normalization used in the discovery doc validation.
Also adds OIDC-SVC-033–036 unit tests covering exact match, trailing
slash, wrong issuer, and wrong audience cases.

Closes #834
2026-04-22 22:16:33 +02:00
..
mcp fix(mcp): add RFC 9728 PRM, RFC 8707 audience binding, and collab sub-feature gating 2026-04-20 07:34:38 +02:00
middleware security: close SEC-H4/H6 gaps from second-pass review 2026-04-20 21:35:30 +02:00
services fix(oidc): normalize id_token iss claim before issuer comparison (#837) 2026-04-22 22:16:33 +02:00
systemNotices feat(system-notices): replace expiresAt with [minVersion, maxVersion) version gate 2026-04-17 20:03:23 +02:00
utils test: expand test suite to 87.3% backend coverage 2026-04-06 20:08:30 +02:00
scheduler.test.ts Add comprehensive backend test suite (#339) 2026-04-03 13:17:53 +02:00