From 1cd7dd3d2c63037667c3e6e4b49036b20abedb9d Mon Sep 17 00:00:00 2001
From: Maxime Besson <maxime.besson@worteks.com>
Date: Mon, 1 Feb 2021 16:57:46 +0100
Subject: [PATCH] Add hook for access token JWT payload (#2419)

---
 .../lib/Lemonldap/NG/Portal/Lib/OpenIDConnect.pm             | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/OpenIDConnect.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/OpenIDConnect.pm
index fd7fdf511..a0fb4437d 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/OpenIDConnect.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/OpenIDConnect.pm
@@ -788,6 +788,11 @@ sub maybeJWT {
             $access_token_payload->{sub} = $claims->{sub};
         }
 
+        # Call hook to let the user modify payload
+        my $h = $self->p->processHook( $req, 'oidcGenerateAccessToken',
+            $access_token_payload, $rp );
+        return undef if ( $h != PE_OK );
+
         # Get signature algorithm
         my $alg = $self->conf->{oidcRPMetaDataOptions}->{$rp}
           ->{oidcRPMetaDataOptionsAccessTokenSignAlg} || "RS256";