idp_oidc: only set default_value for claims requested by the scopes (#31749)

Benjamin Dauvergne 2019-03-27 11:03:15 +01:00
parent 56dd857a39
commit 32daf24ae6
1 changed files with 3 additions and 1 deletions


@ -175,9 +175,11 @@ def create_user_info(request, client, user, scope_set, id_token=False):
'__wanted_attributes': client.get_wanted_attributes(),
})
claims = client.oidcclaim_set.filter(name__isnull=False)
claims_to_show = set()
for claim in claims:
if not set(claim.get_scopes()).intersection(scope_set):
continue
claims_to_show.add(claim)
if claim.value not in attributes:
continue
attribute_value = attributes[claim.value]
@ -187,7 +189,7 @@ def create_user_info(request, client, user, scope_set, id_token=False):
# check if attribute is verified
if claim.value + ':verified' in attributes:
user_info[claim.name + '_verified'] = True
for claim in claims:
for claim in claims_to_show:
if claim.name not in user_info:
user_info[claim.name] = None
hooks.call_hooks('idp_oidc_modify_user_info', client, user, scope_set, user_info)
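Review bot: Nothing at the second loop records why it iterates `claims_to_show` rather than `claims`, yet that choice is what keeps claim names outside the granted scopes from appearing in the response as null keys. A comment above `claims_to_show = set()` would protect this from a later refactor, for example `# claims granted by scope_set; only these may appear in user_info, even as None`. The default loop body could also be reduced to `user_info.setdefault(claim.name, None)`. The commit touches one file only, so a regression test asserting that a claim whose scopes are not in `scope_set` is absent from the user info appears to be missing. `create_user_info` begins before the first hunk and may continue past the second.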