jwt-verify 0.1.2

use regex::Regex;
use serde_json::Value;
use std::collections::HashSet;
use std::fmt;
use std::ops::RangeInclusive;

use crate::claims::CognitoJwtClaims;

/// Trait for custom claim validators
pub trait ClaimValidator: Send + Sync {
    /// Validate a claim
    fn validate(&self, claims: &CognitoJwtClaims) -> Result<(), String>;
}

/// Validator that checks if a claim exists
pub struct ExistenceValidator {
    /// Claim name
    claim_name: String,
}

impl ExistenceValidator {
    /// Create a new existence validator
    pub fn new(claim_name: &str) -> Self {
        Self {
            claim_name: claim_name.to_string(),
        }
    }
}

impl ClaimValidator for ExistenceValidator {
    fn validate(&self, claims: &CognitoJwtClaims) -> Result<(), String> {
        if claims.custom_claims.contains_key(&self.claim_name) {
            Ok(())
        } else {
            Err(format!("Claim '{}' is required", self.claim_name))
        }
    }
}

impl fmt::Debug for ExistenceValidator {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.debug_struct("ExistenceValidator")
            .field("claim_name", &self.claim_name)
            .finish()
    }
}

/// Validator that checks if a string claim has a specific value
pub struct StringValueValidator {
    /// Claim name
    claim_name: String,
    /// Expected value
    expected_value: String,
}

impl StringValueValidator {
    /// Create a new string value validator
    pub fn new(claim_name: &str, expected_value: &str) -> Self {
        Self {
            claim_name: claim_name.to_string(),
            expected_value: expected_value.to_string(),
        }
    }
}

impl ClaimValidator for StringValueValidator {
    fn validate(&self, claims: &CognitoJwtClaims) -> Result<(), String> {
        if let Some(Value::String(value)) = claims.custom_claims.get(&self.claim_name) {
            if value == &self.expected_value {
                Ok(())
            } else {
                Err(format!(
                    "Claim '{}' has invalid value: expected '{}', got '{}'",
                    self.claim_name, self.expected_value, value
                ))
            }
        } else {
            Err(format!(
                "Claim '{}' is missing or not a string",
                self.claim_name
            ))
        }
    }
}

impl fmt::Debug for StringValueValidator {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.debug_struct("StringValueValidator")
            .field("claim_name", &self.claim_name)
            .field("expected_value", &self.expected_value)
            .finish()
    }
}

/// Validator that checks if a string claim is one of the allowed values
pub struct AllowedValuesValidator {
    /// Claim name
    claim_name: String,
    /// Allowed values
    allowed_values: HashSet<String>,
}

impl AllowedValuesValidator {
    /// Create a new allowed values validator
    pub fn new(claim_name: &str, allowed_values: &[&str]) -> Self {
        Self {
            claim_name: claim_name.to_string(),
            allowed_values: allowed_values.iter().map(|s| s.to_string()).collect(),
        }
    }
}

impl ClaimValidator for AllowedValuesValidator {
    fn validate(&self, claims: &CognitoJwtClaims) -> Result<(), String> {
        if let Some(Value::String(value)) = claims.custom_claims.get(&self.claim_name) {
            if self.allowed_values.contains(value) {
                Ok(())
            } else {
                Err(format!(
                    "Claim '{}' has invalid value: '{}' is not one of the allowed values",
                    self.claim_name, value
                ))
            }
        } else {
            Err(format!(
                "Claim '{}' is missing or not a string",
                self.claim_name
            ))
        }
    }
}

impl fmt::Debug for AllowedValuesValidator {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.debug_struct("AllowedValuesValidator")
            .field("claim_name", &self.claim_name)
            .field("allowed_values", &self.allowed_values)
            .finish()
    }
}

/// Validator that checks if a numeric claim is within a range
pub struct NumericRangeValidator {
    /// Claim name
    claim_name: String,
    /// Allowed range
    range: RangeInclusive<f64>,
}

impl NumericRangeValidator {
    /// Create a new numeric range validator
    pub fn new(claim_name: &str, min: f64, max: f64) -> Self {
        Self {
            claim_name: claim_name.to_string(),
            range: min..=max,
        }
    }
}

impl ClaimValidator for NumericRangeValidator {
    fn validate(&self, claims: &CognitoJwtClaims) -> Result<(), String> {
        if let Some(value) = claims.custom_claims.get(&self.claim_name) {
            let num = match value {
                Value::Number(n) => n.as_f64().unwrap_or(0.0),
                Value::String(s) => s.parse::<f64>().unwrap_or(0.0),
                _ => {
                    return Err(format!("Claim '{}' is not a number", self.claim_name));
                }
            };

            if self.range.contains(&num) {
                Ok(())
            } else {
                Err(format!(
                    "Claim '{}' is outside the allowed range: {} not in {:?}",
                    self.claim_name, num, self.range
                ))
            }
        } else {
            Err(format!("Claim '{}' is missing", self.claim_name))
        }
    }
}

impl fmt::Debug for NumericRangeValidator {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.debug_struct("NumericRangeValidator")
            .field("claim_name", &self.claim_name)
            .field("range", &format!("{:?}", self.range))
            .finish()
    }
}

/// Validator that checks if a boolean claim has a specific value
pub struct BooleanValidator {
    /// Claim name
    claim_name: String,
    /// Expected value
    expected_value: bool,
}

impl BooleanValidator {
    /// Create a new boolean validator
    pub fn new(claim_name: &str, expected_value: bool) -> Self {
        Self {
            claim_name: claim_name.to_string(),
            expected_value,
        }
    }
}

impl ClaimValidator for BooleanValidator {
    fn validate(&self, claims: &CognitoJwtClaims) -> Result<(), String> {
        if let Some(Value::Bool(value)) = claims.custom_claims.get(&self.claim_name) {
            if *value == self.expected_value {
                Ok(())
            } else {
                Err(format!(
                    "Claim '{}' has invalid value: expected {}, got {}",
                    self.claim_name, self.expected_value, value
                ))
            }
        } else {
            Err(format!(
                "Claim '{}' is missing or not a boolean",
                self.claim_name
            ))
        }
    }
}

impl fmt::Debug for BooleanValidator {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.debug_struct("BooleanValidator")
            .field("claim_name", &self.claim_name)
            .field("expected_value", &self.expected_value)
            .finish()
    }
}

/// Validator that checks if a string claim matches a regex pattern
pub struct RegexValidator {
    /// Claim name
    claim_name: String,
    /// Regex pattern
    pattern: Regex,
    /// Pattern string for debug
    pattern_str: String,
}

impl RegexValidator {
    /// Create a new regex validator
    pub fn new(claim_name: &str, pattern: &str) -> Result<Self, regex::Error> {
        Ok(Self {
            claim_name: claim_name.to_string(),
            pattern: Regex::new(pattern)?,
            pattern_str: pattern.to_string(),
        })
    }
}

impl ClaimValidator for RegexValidator {
    fn validate(&self, claims: &CognitoJwtClaims) -> Result<(), String> {
        if let Some(Value::String(value)) = claims.custom_claims.get(&self.claim_name) {
            if self.pattern.is_match(value) {
                Ok(())
            } else {
                Err(format!(
                    "Claim '{}' does not match pattern: '{}' does not match '{}'",
                    self.claim_name, value, self.pattern_str
                ))
            }
        } else {
            Err(format!(
                "Claim '{}' is missing or not a string",
                self.claim_name
            ))
        }
    }
}

impl fmt::Debug for RegexValidator {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.debug_struct("RegexValidator")
            .field("claim_name", &self.claim_name)
            .field("pattern", &self.pattern_str)
            .finish()
    }
}

/// Validator that checks if an array claim contains a specific value
pub struct ArrayContainsValidator {
    /// Claim name
    claim_name: String,
    /// Value to check for
    value: Value,
}

impl ArrayContainsValidator {
    /// Create a new array contains validator for a string value
    pub fn new_string(claim_name: &str, value: &str) -> Self {
        Self {
            claim_name: claim_name.to_string(),
            value: Value::String(value.to_string()),
        }
    }

    /// Create a new array contains validator for a numeric value
    pub fn new_number(claim_name: &str, value: f64) -> Self {
        Self {
            claim_name: claim_name.to_string(),
            value: Value::Number(serde_json::Number::from_f64(value).unwrap()),
        }
    }

    /// Create a new array contains validator for a boolean value
    pub fn new_bool(claim_name: &str, value: bool) -> Self {
        Self {
            claim_name: claim_name.to_string(),
            value: Value::Bool(value),
        }
    }
}

impl ClaimValidator for ArrayContainsValidator {
    fn validate(&self, claims: &CognitoJwtClaims) -> Result<(), String> {
        if let Some(Value::Array(array)) = claims.custom_claims.get(&self.claim_name) {
            if array.contains(&self.value) {
                Ok(())
            } else {
                Err(format!(
                    "Claim '{}' does not contain expected value: {:?}",
                    self.claim_name, self.value
                ))
            }
        } else {
            Err(format!(
                "Claim '{}' is missing or not an array",
                self.claim_name
            ))
        }
    }
}

impl fmt::Debug for ArrayContainsValidator {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.debug_struct("ArrayContainsValidator")
            .field("claim_name", &self.claim_name)
            .field("value", &self.value)
            .finish()
    }
}

/// Validator that combines multiple validators with AND logic
pub struct AndValidator {
    /// Validators
    validators: Vec<Box<dyn ClaimValidator>>,
}

impl AndValidator {
    /// Create a new AND validator
    pub fn new(validators: Vec<Box<dyn ClaimValidator>>) -> Self {
        Self { validators }
    }
}

impl ClaimValidator for AndValidator {
    fn validate(&self, claims: &CognitoJwtClaims) -> Result<(), String> {
        for validator in &self.validators {
            if let Err(reason) = validator.validate(claims) {
                return Err(reason);
            }
        }
        Ok(())
    }
}

impl fmt::Debug for AndValidator {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.debug_struct("AndValidator")
            .field("validators_count", &self.validators.len())
            .finish()
    }
}

/// Validator that combines multiple validators with OR logic
pub struct OrValidator {
    /// Validators
    validators: Vec<Box<dyn ClaimValidator>>,
}

impl OrValidator {
    /// Create a new OR validator
    pub fn new(validators: Vec<Box<dyn ClaimValidator>>) -> Self {
        Self { validators }
    }
}

impl ClaimValidator for OrValidator {
    fn validate(&self, claims: &CognitoJwtClaims) -> Result<(), String> {
        let mut errors = Vec::new();
        for validator in &self.validators {
            match validator.validate(claims) {
                Ok(()) => return Ok(()),
                Err(reason) => errors.push(reason),
            }
        }
        Err(format!(
            "None of the validators passed: {}",
            errors.join(", ")
        ))
    }
}

impl fmt::Debug for OrValidator {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.debug_struct("OrValidator")
            .field("validators_count", &self.validators.len())
            .finish()
    }
}

#[cfg(test)]
mod tests {
    use super::*;
    use std::collections::HashMap;

    #[test]
    fn test_existence_validator() {
        let validator = ExistenceValidator::new("test_claim");

        // Test with existing claim
        let mut claims = CognitoJwtClaims {
            sub: "user123".to_string(),
            iss: "https://example.com".to_string(),
            client_id: "client123".to_string(),
            origin_jti: None,
            event_id: None,
            token_use: "id".to_string(),
            scope: None,
            auth_time: 0,
            exp: 0,
            iat: 0,
            jti: "jti123".to_string(),
            username: None,
            custom_claims: HashMap::new(),
        };

        claims
            .custom_claims
            .insert("test_claim".to_string(), Value::String("value".to_string()));

        assert!(validator.validate(&claims).is_ok());

        // Test with missing claim
        let claims = CognitoJwtClaims {
            sub: "user123".to_string(),
            iss: "https://example.com".to_string(),
            client_id: "client123".to_string(),
            origin_jti: None,
            event_id: None,
            token_use: "id".to_string(),
            scope: None,
            auth_time: 0,
            exp: 0,
            iat: 0,
            jti: "jti123".to_string(),
            username: None,
            custom_claims: HashMap::new(),
        };

        assert!(validator.validate(&claims).is_err());
    }

    #[test]
    fn test_string_value_validator() {
        let validator = StringValueValidator::new("test_claim", "expected_value");

        // Test with matching value
        let mut claims = CognitoJwtClaims {
            sub: "user123".to_string(),
            iss: "https://example.com".to_string(),
            client_id: "client123".to_string(),
            origin_jti: None,
            event_id: None,
            token_use: "id".to_string(),
            scope: None,
            auth_time: 0,
            exp: 0,
            iat: 0,
            jti: "jti123".to_string(),
            username: None,
            custom_claims: HashMap::new(),
        };

        claims.custom_claims.insert(
            "test_claim".to_string(),
            Value::String("expected_value".to_string()),
        );

        assert!(validator.validate(&claims).is_ok());

        // Test with non-matching value
        let mut claims = CognitoJwtClaims {
            sub: "user123".to_string(),
            iss: "https://example.com".to_string(),
            client_id: "client123".to_string(),
            origin_jti: None,
            event_id: None,
            token_use: "id".to_string(),
            scope: None,
            auth_time: 0,
            exp: 0,
            iat: 0,
            jti: "jti123".to_string(),
            username: None,
            custom_claims: HashMap::new(),
        };

        claims.custom_claims.insert(
            "test_claim".to_string(),
            Value::String("wrong_value".to_string()),
        );

        assert!(validator.validate(&claims).is_err());

        // Test with missing claim
        let claims = CognitoJwtClaims {
            sub: "user123".to_string(),
            iss: "https://example.com".to_string(),
            client_id: "client123".to_string(),
            origin_jti: None,
            event_id: None,
            token_use: "id".to_string(),
            scope: None,
            auth_time: 0,
            exp: 0,
            iat: 0,
            jti: "jti123".to_string(),
            username: None,
            custom_claims: HashMap::new(),
        };

        assert!(validator.validate(&claims).is_err());
    }

    #[test]
    fn test_allowed_values_validator() {
        let validator = AllowedValuesValidator::new("test_claim", &["value1", "value2", "value3"]);

        // Test with allowed value
        let mut claims = CognitoJwtClaims {
            sub: "user123".to_string(),
            iss: "https://example.com".to_string(),
            client_id: "client123".to_string(),
            origin_jti: None,
            event_id: None,
            token_use: "id".to_string(),
            scope: None,
            auth_time: 0,
            exp: 0,
            iat: 0,
            jti: "jti123".to_string(),
            username: None,
            custom_claims: HashMap::new(),
        };

        claims.custom_claims.insert(
            "test_claim".to_string(),
            Value::String("value2".to_string()),
        );

        assert!(validator.validate(&claims).is_ok());

        // Test with non-allowed value
        let mut claims = CognitoJwtClaims {
            sub: "user123".to_string(),
            iss: "https://example.com".to_string(),
            client_id: "client123".to_string(),
            origin_jti: None,
            event_id: None,
            token_use: "id".to_string(),
            scope: None,
            auth_time: 0,
            exp: 0,
            iat: 0,
            jti: "jti123".to_string(),
            username: None,
            custom_claims: HashMap::new(),
        };

        claims.custom_claims.insert(
            "test_claim".to_string(),
            Value::String("value4".to_string()),
        );

        assert!(validator.validate(&claims).is_err());
    }

    #[test]
    fn test_numeric_range_validator() {
        let validator = NumericRangeValidator::new("test_claim", 10.0, 20.0);

        // Test with value in range
        let mut claims = CognitoJwtClaims {
            sub: "user123".to_string(),
            iss: "https://example.com".to_string(),
            client_id: "client123".to_string(),
            origin_jti: None,
            event_id: None,
            token_use: "id".to_string(),
            scope: None,
            auth_time: 0,
            exp: 0,
            iat: 0,
            jti: "jti123".to_string(),
            username: None,
            custom_claims: HashMap::new(),
        };

        claims.custom_claims.insert(
            "test_claim".to_string(),
            Value::Number(serde_json::Number::from_f64(15.0).unwrap()),
        );

        assert!(validator.validate(&claims).is_ok());

        // Test with value out of range
        let mut claims = CognitoJwtClaims {
            sub: "user123".to_string(),
            iss: "https://example.com".to_string(),
            client_id: "client123".to_string(),
            origin_jti: None,
            event_id: None,
            token_use: "id".to_string(),
            scope: None,
            auth_time: 0,
            exp: 0,
            iat: 0,
            jti: "jti123".to_string(),
            username: None,
            custom_claims: HashMap::new(),
        };

        claims.custom_claims.insert(
            "test_claim".to_string(),
            Value::Number(serde_json::Number::from_f64(25.0).unwrap()),
        );

        assert!(validator.validate(&claims).is_err());
    }

    #[test]
    fn test_boolean_validator() {
        let validator = BooleanValidator::new("test_claim", true);

        // Test with matching value
        let mut claims = CognitoJwtClaims {
            sub: "user123".to_string(),
            iss: "https://example.com".to_string(),
            client_id: "client123".to_string(),
            origin_jti: None,
            event_id: None,
            token_use: "id".to_string(),
            scope: None,
            auth_time: 0,
            exp: 0,
            iat: 0,
            jti: "jti123".to_string(),
            username: None,
            custom_claims: HashMap::new(),
        };

        claims
            .custom_claims
            .insert("test_claim".to_string(), Value::Bool(true));

        assert!(validator.validate(&claims).is_ok());

        // Test with non-matching value
        let mut claims = CognitoJwtClaims {
            sub: "user123".to_string(),
            iss: "https://example.com".to_string(),
            client_id: "client123".to_string(),
            origin_jti: None,
            event_id: None,
            token_use: "id".to_string(),
            scope: None,
            auth_time: 0,
            exp: 0,
            iat: 0,
            jti: "jti123".to_string(),
            username: None,
            custom_claims: HashMap::new(),
        };

        claims
            .custom_claims
            .insert("test_claim".to_string(), Value::Bool(false));

        assert!(validator.validate(&claims).is_err());
    }

    #[test]
    fn test_regex_validator() {
        let validator = RegexValidator::new("test_claim", r"^[a-z]{3}\d{2}$").unwrap();

        // Test with matching value
        let mut claims = CognitoJwtClaims {
            sub: "user123".to_string(),
            iss: "https://example.com".to_string(),
            client_id: "client123".to_string(),
            origin_jti: None,
            event_id: None,
            token_use: "id".to_string(),
            scope: None,
            auth_time: 0,
            exp: 0,
            iat: 0,
            jti: "jti123".to_string(),
            username: None,
            custom_claims: HashMap::new(),
        };

        claims
            .custom_claims
            .insert("test_claim".to_string(), Value::String("abc12".to_string()));

        assert!(validator.validate(&claims).is_ok());

        // Test with non-matching value
        let mut claims = CognitoJwtClaims {
            sub: "user123".to_string(),
            iss: "https://example.com".to_string(),
            client_id: "client123".to_string(),
            origin_jti: None,
            event_id: None,
            token_use: "id".to_string(),
            scope: None,
            auth_time: 0,
            exp: 0,
            iat: 0,
            jti: "jti123".to_string(),
            username: None,
            custom_claims: HashMap::new(),
        };

        claims
            .custom_claims
            .insert("test_claim".to_string(), Value::String("ABC12".to_string()));

        assert!(validator.validate(&claims).is_err());
    }

    #[test]
    fn test_array_contains_validator() {
        let validator = ArrayContainsValidator::new_string("test_claim", "value2");

        // Test with array containing the value
        let mut claims = CognitoJwtClaims {
            sub: "user123".to_string(),
            iss: "https://example.com".to_string(),
            client_id: "client123".to_string(),
            origin_jti: None,
            event_id: None,
            token_use: "id".to_string(),
            scope: None,
            auth_time: 0,
            exp: 0,
            iat: 0,
            jti: "jti123".to_string(),
            username: None,
            custom_claims: HashMap::new(),
        };

        let array = vec![
            Value::String("value1".to_string()),
            Value::String("value2".to_string()),
            Value::String("value3".to_string()),
        ];

        claims
            .custom_claims
            .insert("test_claim".to_string(), Value::Array(array));

        assert!(validator.validate(&claims).is_ok());

        // Test with array not containing the value
        let mut claims = CognitoJwtClaims {
            sub: "user123".to_string(),
            iss: "https://example.com".to_string(),
            client_id: "client123".to_string(),
            origin_jti: None,
            event_id: None,
            token_use: "id".to_string(),
            scope: None,
            auth_time: 0,
            exp: 0,
            iat: 0,
            jti: "jti123".to_string(),
            username: None,
            custom_claims: HashMap::new(),
        };

        let array = vec![
            Value::String("value1".to_string()),
            Value::String("value3".to_string()),
            Value::String("value4".to_string()),
        ];

        claims
            .custom_claims
            .insert("test_claim".to_string(), Value::Array(array));

        assert!(validator.validate(&claims).is_err());
    }

    #[test]
    fn test_and_validator() {
        let validator1 = Box::new(ExistenceValidator::new("claim1"));
        let validator2 = Box::new(ExistenceValidator::new("claim2"));

        let and_validator = AndValidator::new(vec![validator1, validator2]);

        // Test with both claims present
        let mut claims = CognitoJwtClaims {
            sub: "user123".to_string(),
            iss: "https://example.com".to_string(),
            client_id: "client123".to_string(),
            origin_jti: None,
            event_id: None,
            token_use: "id".to_string(),
            scope: None,
            auth_time: 0,
            exp: 0,
            iat: 0,
            jti: "jti123".to_string(),
            username: None,
            custom_claims: HashMap::new(),
        };

        claims
            .custom_claims
            .insert("claim1".to_string(), Value::String("value1".to_string()));
        claims
            .custom_claims
            .insert("claim2".to_string(), Value::String("value2".to_string()));

        assert!(and_validator.validate(&claims).is_ok());

        // Test with one claim missing
        let mut claims = CognitoJwtClaims {
            sub: "user123".to_string(),
            iss: "https://example.com".to_string(),
            client_id: "client123".to_string(),
            origin_jti: None,
            event_id: None,
            token_use: "id".to_string(),
            scope: None,
            auth_time: 0,
            exp: 0,
            iat: 0,
            jti: "jti123".to_string(),
            username: None,
            custom_claims: HashMap::new(),
        };

        claims
            .custom_claims
            .insert("claim1".to_string(), Value::String("value1".to_string()));

        assert!(and_validator.validate(&claims).is_err());
    }

    #[test]
    fn test_or_validator() {
        let validator1 = Box::new(ExistenceValidator::new("claim1"));
        let validator2 = Box::new(ExistenceValidator::new("claim2"));

        let or_validator = OrValidator::new(vec![validator1, validator2]);

        // Test with both claims present
        let mut claims = CognitoJwtClaims {
            sub: "user123".to_string(),
            iss: "https://example.com".to_string(),
            client_id: "client123".to_string(),
            origin_jti: None,
            event_id: None,
            token_use: "id".to_string(),
            scope: None,
            auth_time: 0,
            exp: 0,
            iat: 0,
            jti: "jti123".to_string(),
            username: None,
            custom_claims: HashMap::new(),
        };

        claims
            .custom_claims
            .insert("claim1".to_string(), Value::String("value1".to_string()));
        claims
            .custom_claims
            .insert("claim2".to_string(), Value::String("value2".to_string()));

        assert!(or_validator.validate(&claims).is_ok());

        // Test with only one claim present
        let mut claims = CognitoJwtClaims {
            sub: "user123".to_string(),
            iss: "https://example.com".to_string(),
            client_id: "client123".to_string(),
            origin_jti: None,
            event_id: None,
            token_use: "id".to_string(),
            scope: None,
            auth_time: 0,
            exp: 0,
            iat: 0,
            jti: "jti123".to_string(),
            username: None,
            custom_claims: HashMap::new(),
        };

        claims
            .custom_claims
            .insert("claim2".to_string(), Value::String("value2".to_string()));

        assert!(or_validator.validate(&claims).is_ok());

        // Test with no claims present
        let claims = CognitoJwtClaims {
            sub: "user123".to_string(),
            iss: "https://example.com".to_string(),
            client_id: "client123".to_string(),
            origin_jti: None,
            event_id: None,
            token_use: "id".to_string(),
            scope: None,
            auth_time: 0,
            exp: 0,
            iat: 0,
            jti: "jti123".to_string(),
            username: None,
            custom_claims: HashMap::new(),
        };

        assert!(or_validator.validate(&claims).is_err());
    }
}