idp oidc: skip unset attributes in user-info (#23643)
This commit is contained in:
parent
74c29b60a9
commit
465df3f788
|
@ -172,6 +172,8 @@ def create_user_info(client, user, scope_set, id_token=False):
|
|||
for claim in client.oidcclaim_set.filter(name__isnull=False):
|
||||
if not set(claim.get_scopes()).intersection(scope_set):
|
||||
continue
|
||||
if not claim.value in attributes:
|
||||
continue
|
||||
user_info[claim.name] = normalize_claim_values(attributes[claim.value])
|
||||
# check if attribute is verified
|
||||
if claim.value + ':verified' in attributes:
|
||||
|
|
|
@ -253,6 +253,12 @@ def test_authorization_code_sso(login_first, oidc_settings, oidc_client, simple_
|
|||
assert response.json['ou'] == simple_user.ou.name
|
||||
assert response.json['roles'][0] == 'Whatever'
|
||||
|
||||
# check against a user without username
|
||||
simple_user.username = None
|
||||
simple_user.save()
|
||||
response = app.get(user_info_url, headers=bearer_authentication_headers(access_token))
|
||||
assert 'preferred_username' not in response.json
|
||||
|
||||
# Now logout
|
||||
if oidc_client.post_logout_redirect_uris:
|
||||
params = {
|
||||
|
|
Loading…
Reference in New Issue