From a0ba888c1ca21fb5f76974119c669a8a8de0e377 Mon Sep 17 00:00:00 2001
From: strifel <info@strifel.de>
Date: Mon, 16 Sep 2024 20:51:23 +0200
Subject: [PATCH] Add claims to id_token

---
 uffd/views/oauth2.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/uffd/views/oauth2.py b/uffd/views/oauth2.py
index 8da8a68..36172f4 100644
--- a/uffd/views/oauth2.py
+++ b/uffd/views/oauth2.py
@@ -428,6 +428,10 @@ def token():
 		id_token['iat'] = int(time.time())
 		id_token['at_hash'] = key.oidc_hash(tok.access_token.encode('ascii'))
 		id_token['exp'] = id_token['iat'] + tok.EXPIRES_IN
+
+		service_user = tok.service_user
+		id_token.update(render_claims(tok.scopes, (tok.claims or {}).get('userinfo', {}), service_user))
+
 		if grant.nonce:
 			id_token['nonce'] = grant.nonce
 		resp['id_token'] = OAuth2Key.get_preferred_key().encode_jwt(id_token)
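Review bot: `id_token.update(render_claims(...))` runs after `iat`, `at_hash` and `exp` (and presumably `iss`/`sub`/`aud` above the hunk) are set, so any key `render_claims` returns under one of those names silently replaces a value that relying parties validate. Whether it can return such keys is not visible here; if it can, let the protocol claims win, e.g. `for k, v in render_claims(...).items(): id_token.setdefault(k, v)`. The call also reads the `userinfo` member of the OIDC `claims` request, which in OIDC Core section 5.5 describes what the UserInfo endpoint returns, while the ID token has its own `id_token` member. As written, claims a client requested only for UserInfo are copied into a signed token that is often logged or passed through the front channel, so `(tok.claims or {}).get('id_token', {})` looks like the intended lookup. token()'s body starts and ends outside the hunk.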
-- 
GitLab