1 files changed, 25 insertions, 2 deletions

diff --git a/spec/requests/openid_connect_spec.rb b/spec/requests/openid_connect_spec.rb
index 785ab98a3d0..7b682d76150 100644
--- a/spec/requests/openid_connect_spec.rb
+++ b/spec/requests/openid_connect_spec.rb
@@ -2,7 +2,7 @@
 
 require 'spec_helper'
 
-describe 'OpenID Connect requests' do
+RSpec.describe 'OpenID Connect requests' do
   let(:user) do
     create(
       :user,
@@ -146,8 +146,16 @@ describe 'OpenID Connect requests' do
         expect(@payload['auth_time']).to eq user.current_sign_in_at.to_i
       end
 
+      it 'has public email in email claim' do
+        expect(@payload['email']).to eq(user.public_email)
+      end
+
+      it 'has true in email_verified claim' do
+        expect(@payload['email_verified']).to eq(true)
+      end
+
       it 'does not include any unknown properties' do
-        expect(@payload.keys).to eq %w[iss sub aud exp iat auth_time sub_legacy]
+        expect(@payload.keys).to eq %w[iss sub aud exp iat auth_time sub_legacy email email_verified]
       end
     end
 
@@ -211,5 +219,20 @@ describe 'OpenID Connect requests' do
         expect(json_response['email_verified']).to eq(true)
       end
     end
+
+    context 'ID token payload' do
+      before do
+        request_access_token!
+        @payload = JSON::JWT.decode(json_response['id_token'], :skip_verification)
+      end
+
+      it 'has private email in email claim' do
+        expect(@payload['email']).to eq(user.email)
+      end
+
+      it 'has true in email_verified claim' do
+        expect(@payload['email_verified']).to eq(true)
+      end
+    end
   end
 end