removed check for matching org_id and organization name returned in t…

…oken as claims during auth
auth0 · Oct 28, 2024 · 7be0cad · 7be0cad
1 parent 4b95784
commit 7be0cad
Show file tree

Hide file tree

Showing 3 changed files with 0 additions and 102 deletions.
diff --git a/src/auth/id-token-validator.ts b/src/auth/id-token-validator.ts
@@ -102,24 +102,12 @@ export class IDTokenValidator {
             'Organization Id (org_id) claim must be a string present in the ID token'
           );
         }
-
-        if (payload.org_id !== organization) {
-          throw new Error(
-            `Organization Id (org_id) claim value mismatch in the ID token; expected "${organization}", found "${payload.org_id}"'`
-          );
-        }
       } else {
         if (!payload.org_name || typeof payload.org_name !== 'string') {
           throw new Error(
             'Organization Name (org_name) claim must be a string present in the ID token'
           );
         }
-
-        if (payload.org_name !== organization.toLowerCase()) {
-          throw new Error(
-            `Organization Name (org_name) claim value mismatch in the ID token; expected "${organization}", found "${payload.org_name}"'`
-          );
-        }
       }
     }
 

diff --git a/test/auth/id-token-validator.test.ts b/test/auth/id-token-validator.test.ts
@@ -386,60 +386,4 @@ describe('id-token-validator', () => {
       'Organization Name (org_name) claim must be a string present in the ID token'
     );
   });
-
-  it('should throw when org id claim doesnt match org expected', async () => {
-    const idTokenValidator = new IDTokenValidator({
-      domain: DOMAIN,
-      clientId: CLIENT_ID,
-      clientSecret: CLIENT_SECRET,
-    });
-
-    const jwt = await sign({ payload: { org_id: 'org_1234' } });
-
-    await expect(idTokenValidator.validate(jwt, { organization: 'org_123' })).rejects.toThrow(
-      'Organization Id (org_id) claim value mismatch in the ID token; expected "org_123", found "org_1234'
-    );
-  });
-
-  it('should throw when org name claim doesnt match org expected', async () => {
-    const idTokenValidator = new IDTokenValidator({
-      domain: DOMAIN,
-      clientId: CLIENT_ID,
-      clientSecret: CLIENT_SECRET,
-    });
-
-    const jwt = await sign({ payload: { org_name: 'notExpectedOrg' } });
-
-    await expect(idTokenValidator.validate(jwt, { organization: 'testorg' })).rejects.toThrow(
-      'Organization Name (org_name) claim value mismatch in the ID token; expected "testorg", found "notExpectedOrg'
-    );
-  });
-
-  it('should NOT throw when org_id matches expected organization', async () => {
-    const idTokenValidator = new IDTokenValidator({
-      domain: DOMAIN,
-      clientId: CLIENT_ID,
-      clientSecret: CLIENT_SECRET,
-    });
-
-    const jwt = await sign({ payload: { org_id: 'org_123' } });
-
-    await expect(
-      idTokenValidator.validate(jwt, { organization: 'org_123' })
-    ).resolves.not.toThrow();
-  });
-
-  it('should NOT throw when org_name matches expected organization', async () => {
-    const idTokenValidator = new IDTokenValidator({
-      domain: DOMAIN,
-      clientId: CLIENT_ID,
-      clientSecret: CLIENT_SECRET,
-    });
-
-    const jwt = await sign({ payload: { org_name: 'testorg' } });
-
-    await expect(
-      idTokenValidator.validate(jwt, { organization: 'testOrg' })
-    ).resolves.not.toThrow();
-  });
 });
diff --git a/test/auth/oauth.test.ts b/test/auth/oauth.test.ts
@@ -409,38 +409,4 @@ describe('OAuth (with ID Token validation)', () => {
     );
     nockDone();
   });
-
-  it('should throw for invalid organization id', async () => {
-    const { nockDone } = await nockBack('auth/fixtures/oauth.json', {
-      before: await withIdToken({
-        ...opts,
-        payload: { org_id: 'org_123' },
-      }),
-    });
-    const oauth = new OAuth(opts);
-    await expect(
-      oauth.refreshTokenGrant(
-        { refresh_token: 'test-refresh-token' },
-        { idTokenValidateOptions: { organization: 'org_1235' } }
-      )
-    ).rejects.toThrowError(/\(org_id\) claim value mismatch in the ID token/);
-    nockDone();
-  });
-
-  it('should throw for invalid organization name', async () => {
-    const { nockDone } = await nockBack('auth/fixtures/oauth.json', {
-      before: await withIdToken({
-        ...opts,
-        payload: { org_name: 'org123' },
-      }),
-    });
-    const oauth = new OAuth(opts);
-    await expect(
-      oauth.refreshTokenGrant(
-        { refresh_token: 'test-refresh-token' },
-        { idTokenValidateOptions: { organization: 'org1235' } }
-      )
-    ).rejects.toThrowError(/\(org_name\) claim value mismatch in the ID token/);
-    nockDone();
-  });
 });