idp_oidc: only set default_value for claims requested by the scopes (#31749)
This commit is contained in:
parent
56dd857a39
commit
32daf24ae6
|
@ -175,9 +175,11 @@ def create_user_info(request, client, user, scope_set, id_token=False):
|
|||
'__wanted_attributes': client.get_wanted_attributes(),
|
||||
})
|
||||
claims = client.oidcclaim_set.filter(name__isnull=False)
|
||||
claims_to_show = set()
|
||||
for claim in claims:
|
||||
if not set(claim.get_scopes()).intersection(scope_set):
|
||||
continue
|
||||
claims_to_show.add(claim)
|
||||
if claim.value not in attributes:
|
||||
continue
|
||||
attribute_value = attributes[claim.value]
|
||||
|
@ -187,7 +189,7 @@ def create_user_info(request, client, user, scope_set, id_token=False):
|
|||
# check if attribute is verified
|
||||
if claim.value + ':verified' in attributes:
|
||||
user_info[claim.name + '_verified'] = True
|
||||
for claim in claims:
|
||||
for claim in claims_to_show:
|
||||
if claim.name not in user_info:
|
||||
user_info[claim.name] = None
|
||||
hooks.call_hooks('idp_oidc_modify_user_info', client, user, scope_set, user_info)
|
||||
|
|
Loading…
Reference in New Issue