test: extract test helper to convert and verify raw id token

2 files changed, 17 insertions, 3 deletions

diff --git a/app/controllers/sessions/controller_test.go b/app/controllers/sessions/controller_test.go
index 160594b..8f2118f 100644
--- a/app/controllers/sessions/controller_test.go
+++ b/app/controllers/sessions/controller_test.go
@@ -19,11 +19,13 @@ func TestSessions(t *testing.T) {
 	srv := test.NewOIDCServer(t)
 	defer srv.Close()
 
+	clientID := srv.MockOIDC.Config().ClientID
+	clientSecret := srv.MockOIDC.Config().ClientSecret
 	cfg, err := oidc.New(
 		t.Context(),
 		srv.Issuer(),
-		srv.MockOIDC.Config().ClientID,
-		srv.MockOIDC.Config().ClientSecret,
+		clientID,
+		clientSecret,
 		"callback_url",
 	)
 	require.NoError(t, err)
@@ -88,7 +90,10 @@ func TestSessions(t *testing.T) {
 			require.NoError(t, json.Unmarshal(data, &tokens))
 
 			t.Run("stores the id token in a session cookie", func(t *testing.T) {
-				assert.NotEmpty(t, tokens["id_token"])
+				require.NotEmpty(t, tokens["id_token"])
+
+				idToken := srv.Verify(tokens["id_token"].(string))
+				assert.Equal(t, user.Subject, idToken.Subject)
 			})
 
 			t.Run("stores the access token in a session cookie", func(t *testing.T) {
diff --git a/pkg/test/oidc_server.go b/pkg/test/oidc_server.go
index 152d685..f4ccd82 100644
--- a/pkg/test/oidc_server.go
+++ b/pkg/test/oidc_server.go
@@ -75,6 +75,15 @@ func (srv *TestServer) CreateTokensFor(user mockoidc.User) (*oauth2.Token, strin
 	return token, rawIDToken
 }
 
+func (srv *TestServer) Verify(rawIDToken string) *oidc.IDToken {
+	idToken, err := srv.
+		Verifier(&oidc.Config{ClientID: srv.MockOIDC.Config().ClientID}).
+		Verify(srv.Context(), rawIDToken)
+	require.NoError(srv, err)
+
+	return idToken
+}
+
 func (s *TestServer) Close() {
 	s.Shutdown()
 }