[Enhancement] Add EmailVerified field for Apple's ID token (#558)

* [Enhancement] Add EmailVerified field for Apple's ID token

* [Fix] Include "email_verified" field in Apple's unit test case.

* [Fix] Add missing BooleanString validation in TestIDTokenClaimsUnmarshal method

* [Fix] Fill up test payload

Author: althenlimzixuan

providers/apple/session.go

@@ -24,6 +24,7 @@ type ID struct {
 	Sub            string `json:"sub"`
 	Email          string `json:"email"`
 	IsPrivateEmail bool   `json:"is_private_email"`
+	EmailVerified  bool   `json:"email_verified"`
 }
 
 type Session struct {
@@ -52,6 +53,7 @@ type IDTokenClaims struct {
 	AuthTime        int        `json:"auth_time"`
 	Email           string     `json:"email"`
 	IsPrivateEmail  BoolString `json:"is_private_email"`
+	EmailVerified   BoolString `json:"email_verified,omitempty"`
 }
 
 func (s *Session) Authorize(provider goth.Provider, params goth.Params) (string, error) {
@@ -124,6 +126,7 @@ func (s *Session) Authorize(provider goth.Provider, params goth.Params) (string,
 			Sub:            idToken.Claims.(*IDTokenClaims).Subject,
 			Email:          idToken.Claims.(*IDTokenClaims).Email,
 			IsPrivateEmail: idToken.Claims.(*IDTokenClaims).IsPrivateEmail.Value(),
+			EmailVerified:  idToken.Claims.(*IDTokenClaims).EmailVerified.Value(),
 		}
 	}
 

providers/apple/session_test.go

@@ -37,7 +37,7 @@ func Test_ToJSON(t *testing.T) {
 	s := &Session{}
 
 	data := s.Marshal()
-	a.Equal(data, `{"AuthURL":"","AccessToken":"","RefreshToken":"","ExpiresAt":"0001-01-01T00:00:00Z","sub":"","email":"","is_private_email":false}`)
+	a.Equal(data, `{"AuthURL":"","AccessToken":"","RefreshToken":"","ExpiresAt":"0001-01-01T00:00:00Z","sub":"","email":"","is_private_email":false,"email_verified":false}`)
 }
 
 func Test_String(t *testing.T) {
@@ -59,23 +59,30 @@ func TestIDTokenClaimsUnmarshal(t *testing.T) {
 	}{
 		{
 			name:    "'is_private_email' claim is a string",
-			idToken: `{"AuthURL":"","AccessToken":"","RefreshToken":"","ExpiresAt":"0001-01-01T00:00:00Z","sub":"","email":"[email protected]","is_private_email":"true"}`,
+			idToken: `{"AuthURL":"","AccessToken":"","RefreshToken":"","ExpiresAt":"0001-01-01T00:00:00Z","sub":"","email":"[email protected]","is_private_email":"true", "email_verified":"true"}`,
 			expectedClaims: IDTokenClaims{
 				Email: "[email protected]",
 				IsPrivateEmail: BoolString{
 					StringValue: "true",
 				},
+				EmailVerified: BoolString{
+					StringValue: "true",
+				},
 			},
 		},
 		{
 			name:    "'is_private_email' claim is a boolean",
-			idToken: `{"AuthURL":"","AccessToken":"","RefreshToken":"","ExpiresAt":"0001-01-01T00:00:00Z","sub":"","email":"[email protected]","is_private_email":true}`,
+			idToken: `{"AuthURL":"","AccessToken":"","RefreshToken":"","ExpiresAt":"0001-01-01T00:00:00Z","sub":"","email":"[email protected]","is_private_email":true,"email_verified":true}`,
 			expectedClaims: IDTokenClaims{
 				Email: "[email protected]",
 				IsPrivateEmail: BoolString{
 					BoolValue:   true,
 					IsValidBool: true,
 				},
+				EmailVerified: BoolString{
+					BoolValue:   true,
+					IsValidBool: true,
+				},
 			},
 		},
 	}