diff --git a/app/Access/Oidc/OidcUserDetails.php b/app/Access/Oidc/OidcUserDetails.php
index bccc49ee4..fae20de0b 100644
--- a/app/Access/Oidc/OidcUserDetails.php
+++ b/app/Access/Oidc/OidcUserDetails.php
@@ -22,7 +22,7 @@ class OidcUserDetails
$hasEmpty = empty($this->externalId)
|| empty($this->email)
|| empty($this->name)
- || ($groupSyncActive && empty($this->groups));
+ || ($groupSyncActive && $this->groups === null);
return !$hasEmpty;
}
@@ -57,15 +57,15 @@ class OidcUserDetails
return implode(' ', $displayName);
}
- protected static function getUserGroups(string $groupsClaim, ProvidesClaims $token): array
+ protected static function getUserGroups(string $groupsClaim, ProvidesClaims $token): ?array
{
if (empty($groupsClaim)) {
- return [];
+ return null;
}
$groupsList = Arr::get($token->getAllClaims(), $groupsClaim);
if (!is_array($groupsList)) {
- return [];
+ return null;
}
return array_values(array_filter($groupsList, function ($val) {
diff --git a/tests/Auth/OidcTest.php b/tests/Auth/OidcTest.php
index 9bde71c80..201f67b53 100644
--- a/tests/Auth/OidcTest.php
+++ b/tests/Auth/OidcTest.php
@@ -849,6 +849,26 @@ class OidcTest extends TestCase
$this->assertSessionError('Userinfo endpoint response validation failed with error: No valid subject value found in userinfo data');
}
+ public function test_userinfo_endpoint_not_called_if_empty_groups_array_provided_in_id_token()
+ {
+ config()->set([
+ 'oidc.user_to_groups' => true,
+ 'oidc.groups_claim' => 'groups',
+ 'oidc.remove_from_groups' => false,
+ ]);
+
+ $this->post('/oidc/login');
+ $state = session()->get('oidc_state');
+ $client = $this->mockHttpClient([$this->getMockAuthorizationResponse([
+ 'groups' => [],
+ ])]);
+
+ $resp = $this->get('/oidc/callback?code=SplxlOBeZQQYbYS6WxSbIA&state=' . $state);
+ $resp->assertRedirect('/');
+ $this->assertEquals(1, $client->requestCount());
+ $this->assertTrue(auth()->check());
+ }
+
protected function withAutodiscovery(): void
{
config()->set([