18F · amirbey · May 16, 2024 · May 9, 2024 · May 9, 2024 · May 10, 2024
diff --git a/.ruby-version b/.ruby-version
@@ -1 +1 @@
-3.2
+3.2.0
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -204,7 +204,7 @@ GEM
     method_source (1.0.0)
     mini_cache (1.1.0)
     mini_mime (1.1.5)
-    mini_portile2 (2.8.5)
+    mini_portile2 (2.8.6)
     minitest (5.19.0)
     msgpack (1.7.2)
     nenv (0.3.0)
@@ -219,7 +219,7 @@ GEM
       net-protocol
     newrelic_rpm (8.16.0)
     nio4r (2.7.0)
-    nokogiri (1.16.2)
+    nokogiri (1.16.5)
       mini_portile2 (~> 2.8.2)
       racc (~> 1.4)
     notiffany (0.1.3)

diff --git a/app/models/certificate.rb b/app/models/certificate.rb
@@ -193,6 +193,7 @@ def token_for_valid_certificate(extra)
         subject: subject_s,
         issuer: issuer.to_s,
         uuid: piv.uuid,
+        key_id: key_id,
       )
     )
   end

diff --git a/spec/controllers/identify_controller_spec.rb b/spec/controllers/identify_controller_spec.rb
@@ -135,7 +135,7 @@
             allow(OcspService).to receive(:new).and_return(ocsp_responder)
           end
 
-          it 'returns a token with a uuid and subject and logs certificate metadata' do
+          it 'returns a token with a uuid, subject, key id, and logs certificate metadata' do
             allow(IdentityConfig.store).to receive(:client_cert_escaped).and_return(true)
 
             cert = Certificate.new(client_cert)
@@ -169,6 +169,7 @@
             expect(token).to be_truthy
 
             expect(token_contents['nonce']).to eq '123'
+            expect(token_contents['key_id']).to eq(cert.key_id)
 
             # N.B.: we do this split/sort because DNs match without respect to
             # ordering of components. OpenSSL::X509::Name doesn't match correctly.