Made token and token_refresh endpoint return requested claims.
This commit is contained in:
parent
65c6cc6fec
commit
8c736b8b08
@ -16,12 +16,11 @@ STANDARD_CLAIMS = {
class ScopeClaims(object):
def __init__(self, token):
self.user = token.user
def __init__(self, user, scope):
self.user = user
claims = copy.deepcopy(STANDARD_CLAIMS)
self.userinfo = settings.get('OIDC_USERINFO', import_str=True)(claims, self.user)
self.scopes = token.scope
self.client = token.client
self.scopes = scope
def create_response_dic(self):
"""
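Review bot: Dropping `self.client` from `ScopeClaims.__init__` silently breaks any subclass configured through `OIDC_EXTRA_SCOPE_CLAIMS` that reads `self.client` while building claims, and changing the positional signature from `(token)` to `(user, scope)` will break subclasses that still call `super().__init__(token)`. If client-aware claims are still meant to be supported, accept an optional `client=None` keyword and keep `self.client = client`; otherwise the removal should be called out as a breaking change. The new constructor also deserves a docstring stating the contract, e.g. `"""Build the claims for *user* limited to the scope names in *scope*."""`. The rest of the class body is outside the hunk.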
@ -10,6 +10,7 @@ from jwkest.jws import JWS
from jwkest.jwt import JWT
from oidc_provider.lib.utils.common import get_issuer
from oidc_provider.lib.claims import StandardScopeClaims
from oidc_provider.models import (
Code,
RSAKey,
@ -52,8 +53,13 @@ def create_id_token(user, aud, nonce='', at_hash='', request=None, scope=None):
if at_hash:
dic['at_hash'] = at_hash
if ('email' in scope) and getattr(user, 'email', None):
dic['email'] = user.email
if settings.get('OIDC_EXTRA_SCOPE_CLAIMS'):
custom_claims = settings.get('OIDC_EXTRA_SCOPE_CLAIMS', import_str=True)(user, scope)
claims = custom_claims.create_response_dic()
else:
claims = StandardScopeClaims(user=user, scope=scope).create_response_dic()
dic.update(claims) # modifies dic, adding all requested claims
processing_hook = settings.get('OIDC_IDTOKEN_PROCESSING_HOOK')
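Review bot: `dic.update(claims)` merges the scope claims after the protocol claims, so any key returned by the project-supplied `OIDC_USERINFO` hook or an `OIDC_EXTRA_SCOPE_CLAIMS` class can overwrite `sub`, `aud`, `nonce` or `at_hash` in the ID token, whereas the removed code only ever wrote `email`. Because those values come from deployment-configured code rather than the library, the merge should not let them win, e.g. `dic.update({k: v for k, v in claims.items() if k not in dic})`, or it should raise on an overlap so a misbehaving claims class is caught in testing. Separately, `scope` defaults to `None` in the signature and the new `StandardScopeClaims(user=user, scope=scope)` call forwards it unchanged; whether the claims class tolerates `None` is not visible here, so a `scope = scope or []` guard before the branch looks safer. `create_id_token` continues outside the hunk.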
@ -96,6 +96,7 @@ def userinfo(claims, user):
claims['family_name'] = 'Doe'
claims['name'] = '{0} {1}'.format(claims['given_name'], claims['family_name'])
claims['email'] = user.email
claims['email_verified'] = True
claims['address']['country'] = 'Argentina'
return claims
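Review bot: `claims['email_verified'] = True` hardcodes a verification result in what appears to be the sample `userinfo` hook; relying parties use this claim to decide whether an address can be trusted for account linking, and a sample that always answers `True` is likely to be copied into real deployments unchanged. Derive it from the user record instead, e.g. `claims['email_verified'] = getattr(user, 'email_verified', False)`, with a comment that the attribute must reflect an actual verification step. The surrounding function starts outside the hunk.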
@ -15,7 +15,7 @@ class ClaimsTestCase(TestCase):
self.scopes = ['openid', 'address', 'email', 'phone', 'profile']
self.client = create_fake_client('code')
self.token = create_fake_token(self.user, self.scopes, self.client)
self.scopeClaims = ScopeClaims(self.token)
self.scopeClaims = ScopeClaims(self.token.user, self.token.scope)
def test_empty_standard_claims(self):
for v in [v for k, v in STANDARD_CLAIMS.items() if k != 'address']:
@ -300,13 +300,14 @@ class TokenTestCase(TestCase):
def test_scope_is_ignored_for_auth_code(self):
"""
Scope is ignored for token respones to auth code grant type.
This comes down to that the scopes requested in authorize are returned.
"""
SIGKEYS = self._get_keys()
for code_scope in [['openid'], ['openid', 'email']]:
for code_scope in [['openid'], ['openid', 'email'], ['openid', 'profile']]:
code = self._create_code(code_scope)
post_data = self._auth_code_post_data(
code=code.code, scope=['openid', 'profile'])
code=code.code, scope=code_scope)
response = self._post_request(post_data)
response_dic = json.loads(response.content.decode('utf-8'))
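Review bot: With `scope=code_scope` the posted scope now always equals the scope stored on the code, so `test_scope_is_ignored_for_auth_code` no longer exercises what its docstring promises — that a different scope sent to the token endpoint is ignored in favour of the code's scope. Keep at least one iteration that posts a scope differing from the code's (as the removed `scope=['openid', 'profile']` line did) and assert the returned claims follow `code_scope`, or rename the test and reword the docstring (also fixing `respones` to `responses`). The same test continues in the next section, where the new `'profile'`/`given_name` assertions live.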
@ -317,9 +318,15 @@ class TokenTestCase(TestCase):
if 'email' in code_scope:
self.assertIn('email', id_token)
self.assertIn('email_verified', id_token)
else:
self.assertNotIn('email', id_token)
if 'profile' in code_scope:
self.assertIn('given_name', id_token)
else:
self.assertNotIn('given_name', id_token)
def test_refresh_token(self):
"""
A request to the Token Endpoint can also use a Refresh Token
@ -234,7 +234,7 @@ def userinfo(request, *args, **kwargs):
'sub': token.id_token.get('sub'),
}
standard_claims = StandardScopeClaims(token)
standard_claims = StandardScopeClaims(user=token.user, scope=token.scope)
dic.update(standard_claims.create_response_dic())
if settings.get('OIDC_EXTRA_SCOPE_CLAIMS'):
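Review bot: `StandardScopeClaims(user=token.user, scope=token.scope)` is constructed with keyword arguments here while the same commit calls the extra claims class positionally as `(user, scope)` in `create_id_token`; both go through the constructor this commit redefines, so one convention (keywords) in every call site would make the next signature change easier to find and less likely to silently swap arguments. The `userinfo` view continues outside the hunk, including the `OIDC_EXTRA_SCOPE_CLAIMS` branch whose constructor call is not visible.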