修改认证中心对接方式

tests/auth-session.test.ts

@@ -106,6 +106,28 @@ describe("SSO auth helpers", () => {
 
     await expect(verifyAuthJwt(token, authConfig)).rejects.toThrow("client id");
   });
+
+  it("accepts JWTs without optional client and scope claims like AgentBus", async () => {
+    const { publicKey, privateKey } = generateKeyPairSync("rsa", { modulusLength: 2048 });
+    const jwk = publicKey.export({ format: "jwk" }) as TestJwk;
+    jwk.kid = "kid-3";
+    vi.stubGlobal("fetch", async () => new Response(JSON.stringify({ keys: [jwk] }), { status: 200 }));
+
+    const token = signJwt({
+      iss: authConfig.issuer,
+      sub: "zhangsan",
+      exp: Math.floor(Date.now() / 1000) + 600,
+      iat: Math.floor(Date.now() / 1000) - 10,
+      nbf: Math.floor(Date.now() / 1000) - 10,
+      user_id: 1,
+      username: "zhangsan"
+    }, privateKey, "kid-3");
+
+    await expect(verifyAuthJwt(token, authConfig)).resolves.toMatchObject({
+      sub: "zhangsan",
+      user_id: 1
+    });
+  });
 });
 
 function signJwt(payload: Record<string, unknown>, privateKey: KeyObject, kid: string): string {