From a0ba888c1ca21fb5f76974119c669a8a8de0e377 Mon Sep 17 00:00:00 2001
From: strifel <info@strifel.de>
Date: Mon, 16 Sep 2024 20:51:23 +0200
Subject: [PATCH] Add claims to id_token

---
 uffd/views/oauth2.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/uffd/views/oauth2.py b/uffd/views/oauth2.py
index 8da8a68..36172f4 100644
--- a/uffd/views/oauth2.py
+++ b/uffd/views/oauth2.py
@@ -428,6 +428,10 @@ def token():
 id_token['iat'] = int(time.time())
 id_token['at_hash'] = key.oidc_hash(tok.access_token.encode('ascii'))
 id_token['exp'] = id_token['iat'] + tok.EXPIRES_IN
+
+ service_user = tok.service_user
+ id_token.update(render_claims(tok.scopes, (tok.claims or {}).get('userinfo', {}), service_user))
+
 if grant.nonce:
 id_token['nonce'] = grant.nonce
 resp['id_token'] = OAuth2Key.get_preferred_key().encode_jwt(id_token)
-- 
GitLab
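Review bot: The added `id_token.update(...)` line takes the `userinfo` member of the client's `claims` request and puts the result into the ID token, whereas OIDC Core section 5.5 keeps ID-token requests under the separate `id_token` member. A client that asked for a claim only at the UserInfo endpoint would now also receive it in a JWT that relying parties commonly log or hand to front ends. If that is intended, a comment should say so; otherwise `(tok.claims or {}).get('id_token', {})` looks like the correct lookup. The merge also runs after `iat`, `at_hash` and `exp` are assigned, so any same-named key returned by `render_claims` (not visible in this hunk) would silently replace a protocol claim; `id_token = {**render_claims(...), **id_token}` keeps the protocol values authoritative. `token()` starts and ends outside the hunk, so the earlier `iss`/`sub`/`aud` assignments are assumed rather than seen.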