Pass scope to OIDC_IDTOKEN_PROCESSING_HOOK

The ID token processing hook might want to add claims to the ID token
conditionally based on the scope parameter.  Therefore it would be very
useful to provide the scope parameter to the processing hook.

oidc_provider/lib/utils/common.py

@@ -114,7 +114,7 @@ def default_after_end_session_hook(request, id_token=None, post_logout_redirect_
     return None
 
 
-def default_idtoken_processing_hook(id_token, user):
+def default_idtoken_processing_hook(id_token, user, scope=None):
     """
     Hook to perform some additional actions ti `id_token` dictionary just before serialization.
 
@@ -124,6 +124,9 @@ def default_idtoken_processing_hook(id_token, user):
     :param user: user for whom id_token is generated
     :type user: User
 
+    :param scope: scope for the token
+    :type scope: list[str]|None
+
     :return: custom modified dictionary of values for `id_token`
     :rtype dict
     """

oidc_provider/lib/utils/token.py

@@ -53,13 +53,14 @@ def create_id_token(user, aud, nonce='', at_hash='', request=None, scope=[]):
     if ('email' in scope) and getattr(user, 'email', None):
         dic['email'] = user.email
 
-    processing_hook = settings.get('OIDC_IDTOKEN_PROCESSING_HOOK')
+    processing_hooks = settings.get('OIDC_IDTOKEN_PROCESSING_HOOK')
 
-    if isinstance(processing_hook, (list, tuple)):
-        for hook in processing_hook:
-            dic = settings.import_from_str(hook)(dic, user=user)
-    else:
-        dic = settings.import_from_str(processing_hook)(dic, user=user)
+    if not isinstance(processing_hooks, (list, tuple)):
+        processing_hooks = [processing_hooks]
+
+    for hook_string in processing_hooks:
+        hook = settings.import_from_str(hook_string)
+        dic = hook(dic, user=user, scope=scope)
 
     return dic