From 58b1f93553a29f4ec61b72710c274182b7308b1d Mon Sep 17 00:00:00 2001
From: Mark Phelps <209477+markphelps@users.noreply.github.com>
Date: Mon, 15 Apr 2024 15:51:19 -0400
Subject: [PATCH] chore: add test

---
 .../authn/middleware/grpc/middleware_test.go  | 23 +++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/internal/server/authn/middleware/grpc/middleware_test.go b/internal/server/authn/middleware/grpc/middleware_test.go
index a693bb65c5..c0997a061b 100644
--- a/internal/server/authn/middleware/grpc/middleware_test.go
+++ b/internal/server/authn/middleware/grpc/middleware_test.go
@@ -73,6 +73,7 @@ func TestJWTAuthenticationInterceptor(t *testing.T) {
 				claims := map[string]interface{}{
 					"iss": "https://flipt.io/",
 					"aud": "flipt",
+					"sub": "sunglasses",
 					"iat": nowUnix,
 					"exp": futureUnix,
 				}
@@ -85,6 +86,7 @@ func TestJWTAuthenticationInterceptor(t *testing.T) {
 			expectedJWT: jwt.Expected{
 				Issuer:    "https://flipt.io/",
 				Audiences: []string{"flipt"},
+				Subject:   "sunglasses",
 			},
 		},
 		{
@@ -138,6 +140,27 @@ func TestJWTAuthenticationInterceptor(t *testing.T) {
 			},
 			expectedErr: ErrUnauthenticated,
 		},
+		{
+			name: "invalid subject",
+			metadataFunc: func() metadata.MD {
+				claims := map[string]interface{}{
+					"iss": "https://flipt.io/",
+					"iat": nowUnix,
+					"exp": futureUnix,
+					"sub": "bar",
+				}
+
+				token := oidc.TestSignJWT(t, priv, string(jwt.RS256), claims, []byte("test-key"))
+				return metadata.MD{
+					"Authorization": []string{"JWT " + token},
+				}
+			},
+			expectedJWT: jwt.Expected{
+				Issuer:  "https://flipt.io/",
+				Subject: "flipt",
+			},
+			expectedErr: ErrUnauthenticated,
+		},
 		{
 			name: "invalid audience",
 			metadataFunc: func() metadata.MD {