claims: add JSON serialization for interface arrays

Implement handling of []interface{} types by serializing them to
JSON string format. This allows arrays like ["role1", "role2"] to
be converted to string representations for further processing.

Author: othman-essabir

.changelog/26958.txt

@@ -0,0 +1,3 @@
+```release-note:improvement
+oidc: add support for array-based OIDC claims
+```

lib/auth/claims.go

@@ -152,16 +152,23 @@ func getClaim(all map[string]interface{}, claim string) interface{} {
 // stringifyClaimValue will try to convert the provided raw value into a
 // faithful string representation of that value per these rules:
 //
-// - strings      => unchanged
-// - bool         => "true" / "false"
-// - json.Number  => String()
-// - float32/64   => truncated to int64 and then formatted as an ascii string
-// - intXX/uintXX => casted to int64 and then formatted as an ascii string
+// - []interface{} => marshaling to JSON string
+// - strings       => unchanged
+// - bool          => "true" / "false"
+// - json.Number   => String()
+// - float32/64    => truncated to int64 and then formatted as an ascii string
+// - intXX/uintXX  => casted to int64 and then formatted as an ascii string
 //
 // If successful the string value and true are returned. otherwise an empty
 // string and false are returned.
 func stringifyClaimValue(rawValue interface{}) (string, bool) {
 	switch v := rawValue.(type) {
+	case []interface{}:
+		b, err := json.Marshal(v)
+		if err != nil {
+			return "", false
+		}
+		return string(b), true
 	case string:
 		return v, true
 	case bool:

lib/auth/claims_test.go

@@ -6,6 +6,10 @@ package auth
 import (
 	"testing"
 
+	"encoding/json"
+
+	"strconv"
+
 	"github.com/shoenig/test/must"
 
 	"github.com/hashicorp/nomad/nomad/structs"
@@ -87,3 +91,139 @@ func TestSelectorData(t *testing.T) {
 		})
 	}
 }
+
+func TestStringifyClaimValue(t *testing.T) {
+	cases := []struct {
+		Name     string
+		Input    interface{}
+		Expected string
+		OK       bool
+	}{
+		{
+			Name:     "string",
+			Input:    "hello",
+			Expected: "hello",
+			OK:       true,
+		},
+		{
+			Name:     "bool true",
+			Input:    true,
+			Expected: "true",
+			OK:       true,
+		},
+		{
+			Name:     "bool false",
+			Input:    false,
+			Expected: "false",
+			OK:       true,
+		},
+		{
+			Name:     "json.Number",
+			Input:    json.Number("12345"),
+			Expected: "12345",
+			OK:       true,
+		},
+		{
+			Name:     "float64",
+			Input:    float64(42.99),
+			Expected: strconv.FormatInt(42, 10),
+			OK:       true,
+		},
+		{
+			Name:     "float32",
+			Input:    float32(99.9),
+			Expected: strconv.FormatInt(99, 10),
+			OK:       true,
+		},
+		{
+			Name:     "int",
+			Input:    int(123),
+			Expected: "123",
+			OK:       true,
+		},
+		{
+			Name:     "int8",
+			Input:    int8(-8),
+			Expected: "-8",
+			OK:       true,
+		},
+		{
+			Name:     "int16",
+			Input:    int16(16),
+			Expected: "16",
+			OK:       true,
+		},
+		{
+			Name:     "int32",
+			Input:    int32(32),
+			Expected: "32",
+			OK:       true,
+		},
+		{
+			Name:     "int64",
+			Input:    int64(64),
+			Expected: "64",
+			OK:       true,
+		},
+		{
+			Name:     "uint",
+			Input:    uint(321),
+			Expected: "321",
+			OK:       true,
+		},
+		{
+			Name:     "uint8",
+			Input:    uint8(8),
+			Expected: "8",
+			OK:       true,
+		},
+		{
+			Name:     "uint16",
+			Input:    uint16(16),
+			Expected: "16",
+			OK:       true,
+		},
+		{
+			Name:     "uint32",
+			Input:    uint32(32),
+			Expected: "32",
+			OK:       true,
+		},
+		{
+			Name:     "uint64",
+			Input:    uint64(64),
+			Expected: "64",
+			OK:       true,
+		},
+		{
+			Name: "slice of interface{}",
+			Input: []interface{}{
+				"foo", 42, true,
+			},
+			Expected: `["foo",42,true]`,
+			OK:       true,
+		},
+		{
+			Name:     "unknown type",
+			Input:    struct{ X int }{X: 1},
+			Expected: "",
+			OK:       false,
+		},
+		{
+			Name: "invalid JSON slice element",
+			Input: []interface{}{
+				func() {},
+			},
+			Expected: "",
+			OK:       false,
+		},
+	}
+
+	for _, tt := range cases {
+		t.Run(tt.Name, func(t *testing.T) {
+			out, ok := stringifyClaimValue(tt.Input)
+			must.Eq(t, tt.OK, ok)
+			must.Eq(t, tt.Expected, out)
+		})
+	}
+}