From cd5d866c6e5d2a720032bde9af57c0c5fff676c9 Mon Sep 17 00:00:00 2001
From: Julien Stroheker <juliens@microsoft.com>
Date: Wed, 19 Feb 2025 15:29:27 -0500
Subject: [PATCH] add validatePoPClaims in ROPC convert

---
 pkg/internal/converter/convert.go | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/pkg/internal/converter/convert.go b/pkg/internal/converter/convert.go
index fa9cd3e1..96104c3b 100644
--- a/pkg/internal/converter/convert.go
+++ b/pkg/internal/converter/convert.go
@@ -406,6 +406,12 @@ func Convert(o Options, pathOptions *clientcmd.PathOptions) error {
 				exec.Args = append(exec.Args, argIsLegacy)
 			}
 
+			// PoP token flags are optional but must be provided together
+			exec.Args, err = validatePoPClaims(exec.Args, isPoPTokenEnabled, argPoPTokenClaims, argPoPTokenClaimsVal)
+			if err != nil {
+				return err
+			}
+
 		case token.WorkloadIdentityLogin:
 
 			if o.isSet(flagClientID) {