From 59cb4481e5b120aa3aac2ecb254ea801d04b89f1 Mon Sep 17 00:00:00 2001
From: Roland Hedberg
Date: Mon, 15 Dec 2014 16:20:44 +0100
Subject: [PATCH] Allow extra claims to be added to the idtoken by Rebecka Gulliksson.

---
 src/oic/oic/__init__.py | 4 +++-
 src/oic/oic/provider.py | 6 ++++--
 tests/test_oic_provider.py | 24 ++++++++++++++++++++++--
 3 files changed, 29 insertions(+), 5 deletions(-)

diff --git a/src/oic/oic/__init__.py b/src/oic/oic/__init__.py
index 41318a1..8b2cc78 100644
--- a/src/oic/oic/__init__.py
+++ b/src/oic/oic/__init__.py
@@ -1311,7 +1311,7 @@ class Server(oauth2.Server):
     def make_id_token(self, session, loa="2", issuer="", alg="RS256", code=None,
                       access_token=None,
-                      user_info=None, auth_time=0, exp=None):
+                      user_info=None, auth_time=0, exp=None, extra_claims=None):
         """
         :param session: Session information
@@ -1366,6 +1366,8 @@ class Server(oauth2.Server):
         halg = "HS%s" % alg[-3:]
+        if extra_claims is not None:
+            _args.update(extra_claims)
         if code:
             _args["c_hash"] = jws.left_hash(code, halg)
         if access_token:
diff --git a/src/oic/oic/provider.py b/src/oic/oic/provider.py
index f98a5d2..d097409 100644
--- a/src/oic/oic/provider.py
+++ b/src/oic/oic/provider.py
@@ -262,7 +262,8 @@ class Provider(AProvider):
             self.capabilities[val] = [_enc_enc]
     def id_token_as_signed_jwt(self, session, loa="2", alg="", code=None,
-                               access_token=None, user_info=None, auth_time=0):
+                               access_token=None, user_info=None, auth_time=0,
+                               exp=None, extra_claims=None):
         if alg == "":
             alg = self.jwx_def["sign_alg"]["id_token"]
@@ -273,7 +274,8 @@ class Provider(AProvider):
             alg = "none"
         _idt = self.server.make_id_token(session, loa, self.baseurl, alg, code,
-                                         access_token, user_info, auth_time)
+                                         access_token, user_info, auth_time,
+                                         exp, extra_claims)
         logger.debug("id_token: %s" % _idt.to_dict())
         # My signing key if its RS*, can use client secret if HS*
diff --git a/tests/test_oic_provider.py b/tests/test_oic_provider.py
index 3a06a59..4dcbb89 100644
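Review bot: `_args.update(extra_claims)` in make_id_token lets the caller-supplied dict overwrite whatever is already in `_args`; if the standard claims (iss, sub, aud, exp, iat, nonce) are populated above this hunk, as the position of the update suggests, an extra claim carrying one of those names silently replaces the provider's value, and only c_hash/at_hash are protected because they are written afterwards. Unless overriding standard claims is the intent, give the existing entries precedence, e.g. `_args.update((k, v) for k, v in extra_claims.items() if k not in _args)`, or reject reserved names with a ValueError so a misconfigured caller cannot forge the issuer or subject. The new parameter also deserves a line in the docstring that the first hunk cuts into, e.g. `:param extra_claims: dict of additional claims merged into the ID Token; must not contain standard claim names`. make_id_token's body starts and ends outside the hunk.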
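Review bot: The two new arguments in id_token_as_signed_jwt are handed to `self.server.make_id_token` positionally, so the call is correct only while `exp` and `extra_claims` keep exactly the positions they have in make_id_token's signature in this patch; a later insertion or reordering of a parameter would silently swap an expiry for a claims dict. Pass them by name, `access_token, user_info, auth_time, exp=exp, extra_claims=extra_claims)`, which costs nothing and documents the intent at the call site. The `exp` parameter added to id_token_as_signed_jwt is also undocumented; a short docstring entry saying whether it is an absolute timestamp or a lifetime would help callers. The method's body continues past the hunk.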
--- a/tests/test_oic_provider.py
+++ b/tests/test_oic_provider.py
@@ -233,14 +233,14 @@ def test_server_authorization_endpoint_id_token():
            "prompt": ["none"]}
     req = AuthorizationRequest(**bib)
-    AREQ = AuthorizationRequest(response_type="code",
+    areq = AuthorizationRequest(response_type="code",
                                 client_id="client_1",
                                 redirect_uri="http://example.com/authz",
                                 scope=["openid"],
                                 state="state000")
     sdb = provider.sdb
     ae = AuthnEvent("userX")
-    sid = sdb.create_authz_session(ae, AREQ)
+    sid = sdb.create_authz_session(ae, areq)
     sdb.do_sub(sid)
     _info = sdb[sid]
     # All this is jut removed when the id_token is constructed
@@ -528,6 +528,26 @@ def test_idtoken():
     assert len(id_token.split(".")) == 3
+def test_idtoken_with_extra_claims():
+    server = provider_init
+    areq = AuthorizationRequest(response_type="code", client_id=CLIENT_ID,
+                                redirect_uri="http://example.com/authz",
+                                scope=["openid"], state="state000")
+    aevent = AuthnEvent("sub")
+    sid = server.sdb.create_authz_session(aevent, areq)
+    server.sdb.do_sub(sid)
+    session = server.sdb[sid]
+
+    claims = {'k1': 'v1', 'k2': 32}
+
+    id_token = server.id_token_as_signed_jwt(session, extra_claims=claims)
+    parsed = IdToken().from_jwt(id_token, keyjar=server.keyjar)
+
+    print id_token
+    for key, value in claims.iteritems():
+        assert parsed[key] == value
+
+
 def test_userinfo_endpoint():
     server = provider_init
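Review bot: `print id_token` in test_idtoken_with_extra_claims is leftover debugging output and should be removed before merge. The test also only proves that the two extra claims round-trip through the signed JWT; it does not establish that the standard claims are still intact beside them, which is what a caller of this feature most needs to know. Since the provider hunk passes `self.baseurl` as the issuer, add `assert parsed["iss"] == server.baseurl` (assuming make_id_token maps issuer to the `iss` claim), and consider a second case that passes a reserved name such as `{'sub': 'other'}` and asserts that it does not replace the subject derived from the session.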