fix(oidc-auth): comma formatted bound claims required space formatting

internal/pkg/modifiers/comma_space_map_modifier.go

@@ -27,21 +27,36 @@ func (m CommaSpaceMapModifier) PlanModifyMap(ctx context.Context, req planmodifi
 	planElements := req.PlanValue.Elements()
 	newElements := make(map[string]types.String)
 
+	// Check config format if available
+	var configFormat bool // true = spaces, false = no spaces
+	if !req.ConfigValue.IsNull() {
+		configElements := req.ConfigValue.Elements()
+		// Look at first value to determine format
+		for _, v := range configElements {
+			if str, ok := v.(types.String); ok && !str.IsNull() {
+				configFormat = strings.Contains(str.ValueString(), ", ")
+				break
+			}
+		}
+	}
+
 	for key, value := range planElements {
 		strValue := value.(types.String)
 		if !strValue.IsNull() && !strValue.IsUnknown() {
 			parts := strings.Split(strValue.ValueString(), ",")
-
-			// Trim spaces from each part and rejoin with ", "
 			for i, part := range parts {
 				parts[i] = strings.TrimSpace(part)
 			}
 
-			formattedValue := strings.Join(parts, ", ")
+			var formattedValue string
+			if configFormat {
+				formattedValue = strings.Join(parts, ", ")
+			} else {
+				formattedValue = strings.Join(parts, ",")
+			}
 
 			newElements[key] = types.StringValue(formattedValue)
 		} else {
-			// Preserve null/unknown values
 			newElements[key] = strValue
 		}
 	}
@@ -55,6 +70,7 @@ func (m CommaSpaceMapModifier) PlanModifyMap(ctx context.Context, req planmodifi
 	resp.PlanValue = newMapValue
 }
 
+// CommaSpaceMap returns a new instance of CommaSpaceMapModifier
 func CommaSpaceMap() CommaSpaceMapModifier {
 	return CommaSpaceMapModifier{}
 }

internal/provider/resource/identity_oidc_auth.go

@@ -6,6 +6,7 @@ import (
 	"strconv"
 	"strings"
 	infisical "terraform-provider-infisical/internal/client"
+	infisicalclient "terraform-provider-infisical/internal/client"
 	pkg "terraform-provider-infisical/internal/pkg/modifiers"
 	infisicalstrings "terraform-provider-infisical/internal/pkg/strings"
 	"terraform-provider-infisical/internal/pkg/terraform"
@@ -166,7 +167,7 @@ func (r *IdentityOidcAuthResource) Configure(_ context.Context, req resource.Con
 	r.client = client
 }
 
-func updateOidcAuthStateByApi(ctx context.Context, diagnose diag.Diagnostics, plan *IdentityOidcAuthResourceModel, newIdentityOidcAuth *infisical.IdentityOidcAuth) {
+func updateOidcAuthStateByApi(ctx context.Context, diagnose diag.Diagnostics, plan *IdentityOidcAuthResourceModel, newIdentityOidcAuth *infisicalclient.IdentityOidcAuth) {
 	plan.AccessTokenMaxTTL = types.Int64Value(newIdentityOidcAuth.AccessTokenMaxTTL)
 	plan.AccessTokenTTL = types.Int64Value(newIdentityOidcAuth.AccessTokenTTL)
 	plan.AccessTokenNumUsesLimit = types.Int64Value(newIdentityOidcAuth.AccessTokenNumUsesLimit)
@@ -178,7 +179,27 @@ func updateOidcAuthStateByApi(ctx context.Context, diagnose diag.Diagnostics, pl
 
 	boundClaimsElements := make(map[string]attr.Value)
 	for key, value := range newIdentityOidcAuth.BoundClaims {
-		boundClaimsElements[key] = types.StringValue(value)
+		// Check plan format
+		useSpaces := false
+		if !plan.BoundClaims.IsNull() {
+			if planValue, ok := plan.BoundClaims.Elements()[key]; ok {
+				planStr := planValue.(types.String).ValueString()
+				useSpaces = strings.Contains(planStr, ", ")
+			}
+		}
+
+		// Split and normalize
+		parts := strings.Split(value, ",")
+		for i, part := range parts {
+			parts[i] = strings.TrimSpace(part)
+		}
+
+		// Use the same format as the plan
+		if useSpaces {
+			boundClaimsElements[key] = types.StringValue(strings.Join(parts, ", "))
+		} else {
+			boundClaimsElements[key] = types.StringValue(strings.Join(parts, ","))
+		}
 	}
 
 	boundClaimsMapValue, diags := types.MapValue(types.StringType, boundClaimsElements)
@@ -312,7 +333,7 @@ func (r *IdentityOidcAuthResource) Read(ctx context.Context, req resource.ReadRe
 	})
 
 	if err != nil {
-		if err == infisical.ErrNotFound {
+		if err == infisicalclient.ErrNotFound {
 			resp.State.RemoveResource(ctx)
 			return
 		} else {