From 560e78c1b0f3bcf4dbd8948aa41f5f8eb0a2b9e6 Mon Sep 17 00:00:00 2001
From: sbp-bvanb
Date: Fri, 27 Dec 2024 20:28:37 +0100
Subject: [PATCH] feat: Add SUB to JWT claim Okta

---
 .github/workflows/docker.yml | 1 +
 .gitignore | 3 +++
 cmd/oktamock/main.go | 15 +++++++++------
 3 files changed, 13 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index 178fe87..5945b8d 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -16,6 +16,7 @@ jobs:
 build-args:
 - mcvs-integrationtest-services
 - mcvs-stub-server
+ - oktamock
 runs-on: ubuntu-22.04
 steps:
 - uses: actions/checkout@v4.2.2
diff --git a/.gitignore b/.gitignore
index 0c2ff7b..e3a021b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,5 @@
 .task
 .vscode
+coverage.html
+functioncoverage.out
+profile.cov
diff --git a/cmd/oktamock/main.go b/cmd/oktamock/main.go
index 7420e5a..473267e 100644
--- a/cmd/oktamock/main.go
+++ b/cmd/oktamock/main.go
@@ -73,6 +73,7 @@ type JWTConfig struct {
 Issuer string `env:"ISSUER" envDefault:"http://localhost:8080"`
 KID string `env:"KID" envDefault:"mock-kid"`
 SigningMethod SigningMethod `env:"SIGNING_METHOD" envDefault:"RS256"`
+ Sub string `env:"SUB" envDefault:""`
 }

 // NewConfig returns the config.
@@ -109,9 +110,9 @@ func main() {
 // OktaMockServer represents a mock Okta server which can be used to create and validate JWT tokens.
 // Serves as a subtitute for using an actual Okta Server.
 type OktaMockServer struct {
- audience, issuer string
- expiration time.Duration
- groups []string
+ audience, issuer, sub string
+ expiration time.Duration
+ groups []string

 privKey *rsa.PrivateKey
 jwkKey jwk.Key
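Review bot: The new `Sub` field in the `JWTConfig` hunk (`@@ -73,6 +73,7 @@`) carries no comment saying what the value is used for or what its empty default means. The later hunks copy it into `OktaMockServer.sub` and place it in the claims built by `handleGetValidJWT`. A line such as `// Sub is the "sub" (subject) claim placed in tokens issued by the mock; it defaults to the empty string.` above the field would tell users of the mock which identity their service will see. The struct begins above the hunk, so how its earlier fields are documented is not visible here.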
@@ -133,11 +134,12 @@ func (o *OktaMockServer) handleGetValidJWT(w http.ResponseWriter, r *http.Reques
 now := time.Now()
 claims := jwt.MapClaims{
 "aud": o.audience,
- "iss": o.issuer,
- "iat": now.Unix(),
 "exp": now.Add(o.expiration).Unix(),
- "nbf": now.AddDate(0, 0, -1).Unix(),
 "Groups": o.groups,
+ "iat": now.Unix(),
+ "iss": o.issuer,
+ "nbf": now.AddDate(0, 0, -1).Unix(),
+ "sub": o.sub,
 }

 // Add custom claims
@@ -220,6 +222,7 @@ func NewOktaMockServer(cfg *Config) (*OktaMockServer, error) {
 issuer: cfg.JWTConfig.Issuer,
 jwkKey: jwkKey,
 privKey: privKeyRSA,
+ sub: cfg.JWTConfig.Sub,
 }, nil
 }
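Review bot: In the `handleGetValidJWT` hunk (`@@ -133,11 +134,12 @@`) the `"sub": o.sub,` entry is written unconditionally, and `SUB` defaults to the empty string. A mock started without `SUB` therefore now signs tokens carrying `"sub": ""`, where before they had no `sub` claim at all. A service under test that treats `sub` as the caller's identity may handle an empty string differently from a missing claim, so the mock could mask or introduce authorisation failures that a real issuer would not produce. Consider dropping the key from the literal and adding `if o.sub != "" { claims["sub"] = o.sub }` after it. The function body continues outside the hunk, so whether the custom-claims step that follows can also set `sub` is not visible here.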