Returns error when UseIDToken is true but response doesn't have ID token.

Updated comments.
2019-05-17 10:50:36 -07:00 · 2019-05-17 10:50:36 -07:00 · ac8ecd8e45
parent a5a809ae12
commit ac8ecd8e45
1 changed files with 8 additions and 8 deletions
--- a/jwt/jwt.go
+++ b/jwt/jwt.go
@ -69,13 +69,10 @@ type Config struct {

 	// PrivateClaims optionally specifies custom private claims in the JWT.
 	// See http://tools.ietf.org/html/draft-jones-json-web-token-10#section-4.3
-	//
-	// Private claim values can be different types, therefore interface{} is
-	// used and marshalled using custom code.
 	PrivateClaims map[string]interface{}

-	// UseIDToken optionally uses ID token instead of access token when
-	// server returns both 'access_token' and 'id_token'.
+	// UseIDToken optionally specifies whether ID token should be used instead
+	// of access token when the server returns both.
 	UseIDToken bool
 }

@ -176,10 +173,13 @@ func (js jwtSource) Token() (*oauth2.Token, error) {
 		if err != nil {
 			return nil, fmt.Errorf("oauth2: error decoding JWT token: %v", err)
 		}
-		if js.conf.UseIDToken {
-			token.AccessToken = tokenRes.IDToken
-		}
 		token.Expiry = time.Unix(claimSet.Exp, 0)
 	}
+	if js.conf.UseIDToken {
+		if tokenRes.IDToken == "" {
+			return nil, fmt.Errorf("oauth2: response doesn't have JWT token")
+		}
+		token.AccessToken = tokenRes.IDToken
+	}
 	return token, nil
 }