Allow extra claims to be added to the idtoken by Rebecka Gulliksson.
parent
ec3af7261d
commit
59cb4481e5
@ -1311,7 +1311,7 @@ class Server(oauth2.Server):
def make_id_token(self, session, loa="2", issuer="",
alg="RS256", code=None, access_token=None,
user_info=None, auth_time=0, exp=None):
user_info=None, auth_time=0, exp=None, extra_claims=None):
"""
:param session: Session information
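Review bot: The new `extra_claims` parameter of `make_id_token` is not described in the docstring that opens right after the signature; only the `:param session:` entry is visible and the remainder of the docstring lies outside the hunk, so if no entry was added there, add `:param extra_claims: dict of additional claims merged into the ID Token; keys that collide with the standard claims set by this method are rejected` (adjust the last clause to whatever precedence the implementation actually gives them). Documenting the collision rule matters here because the method signs whatever ends up in the claim set. make_id_token's body continues beyond the hunk.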
@ -1366,6 +1366,8 @@ class Server(oauth2.Server):
halg = "HS%s" % alg[-3:]
if extra_claims is not None:
_args.update(extra_claims)
if code:
_args["c_hash"] = jws.left_hash(code, halg)
if access_token:
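Review bot: `_args.update(extra_claims)` lets any caller-supplied key overwrite a claim already placed in `_args`; the `c_hash` and `at_hash` entries assigned on the following lines survive because they are set afterwards, but the claims populated earlier in the method (presumably `iss`, `sub`, `aud`, `exp`, `iat`, `nonce`, `auth_time` — that part of the body is outside the hunk) do not. Because the resulting token is signed with the provider's key, a collision silently yields a valid token asserting whatever the caller chose for those fields. Reject collisions rather than merging blindly, e.g. `clash = set(_args) & set(extra_claims)` followed by `if clash: raise ValueError("extra_claims may not override standard claims: %s" % sorted(clash))` before the `update`. The same unguarded pass-through continues in `Provider.id_token_as_signed_jwt` (the `@ -262` and `@ -273` hunks), which forwards `extra_claims` untouched.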
@ -262,7 +262,8 @@ class Provider(AProvider):
self.capabilities[val] = [_enc_enc]
def id_token_as_signed_jwt(self, session, loa="2", alg="", code=None,
access_token=None, user_info=None, auth_time=0):
access_token=None, user_info=None, auth_time=0,
exp=None, extra_claims=None):
if alg == "":
alg = self.jwx_def["sign_alg"]["id_token"]
@ -273,7 +274,8 @@ class Provider(AProvider):
alg = "none"
_idt = self.server.make_id_token(session, loa, self.baseurl, alg, code,
access_token, user_info, auth_time)
access_token, user_info, auth_time,
exp, extra_claims)
logger.debug("id_token: %s" % _idt.to_dict())
# My signing key if its RS*, can use client secret if HS*
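Review bot: The two new arguments are forwarded positionally as the ninth and tenth parameters of `make_id_token`, so the call stays correct only as long as that signature keeps `exp` immediately before `extra_claims`; pass them by name, `exp=exp, extra_claims=extra_claims`, which also makes the intent readable at the call site. Note that the existing `logger.debug("id_token: %s" % _idt.to_dict())` on the next line now emits whatever the caller placed in `extra_claims`, so debug logs will contain those values verbatim. The enclosing method starts in the previous hunk and continues past this one.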
@ -233,14 +233,14 @@ def test_server_authorization_endpoint_id_token():
"prompt": ["none"]}
req = AuthorizationRequest(**bib)
AREQ = AuthorizationRequest(response_type="code",
areq = AuthorizationRequest(response_type="code",
client_id="client_1",
redirect_uri="http://example.com/authz",
scope=["openid"], state="state000")
sdb = provider.sdb
ae = AuthnEvent("userX")
sid = sdb.create_authz_session(ae, AREQ)
sid = sdb.create_authz_session(ae, areq)
sdb.do_sub(sid)
_info = sdb[sid]
# All this is jut removed when the id_token is constructed
@ -528,6 +528,26 @@ def test_idtoken():
assert len(id_token.split(".")) == 3
def test_idtoken_with_extra_claims():
server = provider_init
areq = AuthorizationRequest(response_type="code", client_id=CLIENT_ID,
redirect_uri="http://example.com/authz",
scope=["openid"], state="state000")
aevent = AuthnEvent("sub")
sid = server.sdb.create_authz_session(aevent, areq)
server.sdb.do_sub(sid)
session = server.sdb[sid]
claims = {'k1': 'v1', 'k2': 32}
id_token = server.id_token_as_signed_jwt(session, extra_claims=claims)
parsed = IdToken().from_jwt(id_token, keyjar=server.keyjar)
print id_token
for key, value in claims.iteritems():
assert parsed[key] == value
def test_userinfo_endpoint():
server = provider_init
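Review bot: `print id_token` inside `test_idtoken_with_extra_claims` is leftover debugging output and should be dropped. The test only confirms that the two custom keys round-trip through the signed token; it does not check that the provider's own claims survive the merge, which is the property most at risk from an unconditional `dict.update`. Add an assertion such as `assert parsed["iss"] == server.baseurl` (assuming `make_id_token` maps its `issuer` argument to `iss`, which is not visible here) and, if collisions with standard claims are meant to be refused, a second case passing a reserved key such as `{'sub': 'someone-else'}` and expecting an error rather than a token.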