dani/lemonldap-ng
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Use computed scopes to fill claims in ID token (#2424)

Browse Source
This commit is contained in:
Maxime Besson 2021-02-26 09:49:39 +01:00
parent 534745e5a2
commit 6b9670c29d
1 changed files with 4 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/OpenIDConnect.pm
View File

@ -770,7 +770,7 @@ sub run {
my $id_token =
$self->_generateIDToken( $req, $oidc_request,
$rp, { at_hash => $at_hash } );
$rp, $scope, { at_hash => $at_hash } );
unless ($id_token) {
$self->logger->error("Could not generate ID token");
@ -865,7 +865,7 @@ sub run {
$id_token = $self->_generateIDToken(
$req,
$oidc_request,
$rp,
$rp, $scope,
{
at_hash => $at_hash,
c_hash => $c_hash,
@ -2316,7 +2316,7 @@ sub _convertOldFormatConsents {
}
sub _generateIDToken {
my ( $self, $req, $oidc_request, $rp, $extra_claims ) = @_;
my ( $self, $req, $oidc_request, $rp, $scope, $extra_claims ) = @_;
my $response_type = $oidc_request->{'response_type'};
my $client_id = $oidc_request->{'client_id'};
@ -2367,8 +2367,7 @@ sub _generateIDToken {
# No access_token
# Claims must be set in id_token
my $claims =
$self->buildUserInfoResponseFromId( $req, $oidc_request->{'scope'},
$rp, $req->id );
$self->buildUserInfoResponseFromId( $req, $scope, $rp, $req->id );
foreach ( keys %$claims ) {
$id_token_payload_hash->{$_} = $claims->{$_}