Use computed scopes to fill claims in ID token (#2424)

Maxime Besson 2021-02-26 09:49:39 +01:00
parent 534745e5a2
commit 6b9670c29d


@ -770,7 +770,7 @@ sub run {
my $id_token = my $id_token =
$self->_generateIDToken( $req, $oidc_request, $self->_generateIDToken( $req, $oidc_request,
$rp, { at_hash => $at_hash } ); $rp, $scope, { at_hash => $at_hash } );
unless ($id_token) { unless ($id_token) {
$self->logger->error("Could not generate ID token"); $self->logger->error("Could not generate ID token");
@ -865,7 +865,7 @@ sub run {
$id_token = $self->_generateIDToken( $id_token = $self->_generateIDToken(
$req, $req,
$oidc_request, $oidc_request,
$rp, $rp, $scope,
{ {
at_hash => $at_hash, at_hash => $at_hash,
c_hash => $c_hash, c_hash => $c_hash,
@ -2316,7 +2316,7 @@ sub _convertOldFormatConsents {
} }
sub _generateIDToken { sub _generateIDToken {
my ( $self, $req, $oidc_request, $rp, $extra_claims ) = @_; my ( $self, $req, $oidc_request, $rp, $scope, $extra_claims ) = @_;
my $response_type = $oidc_request->{'response_type'}; my $response_type = $oidc_request->{'response_type'};
my $client_id = $oidc_request->{'client_id'}; my $client_id = $oidc_request->{'client_id'};
@ -2367,8 +2367,7 @@ sub _generateIDToken {
# No access_token # No access_token
# Claims must be set in id_token # Claims must be set in id_token
my $claims = my $claims =
$self->buildUserInfoResponseFromId( $req, $oidc_request->{'scope'}, $self->buildUserInfoResponseFromId( $req, $scope, $rp, $req->id );
$rp, $req->id );
foreach ( keys %$claims ) { foreach ( keys %$claims ) {
$id_token_payload_hash->{$_} = $claims->{$_} $id_token_payload_hash->{$_} = $claims->{$_}
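Review bot: `_generateIDToken` now takes `$scope` as a new positional argument ahead of `$extra_claims` (signature hunk at line 2316), so a caller still using the old four-argument form would bind its `{ at_hash => ... }` hashref to `$scope` and leave `$extra_claims` undefined, with no error raised. Only the two call sites in `run` are updated in the visible hunks; any other caller of this sub should be checked. Because `$scope` now decides which user claims `buildUserInfoResponseFromId` copies into the ID token, a guard at the top of the sub would be worthwhile, for example `$self->logger->error("_generateIDToken: scope must not be a reference")` followed by `return` when `ref $scope` is true, plus a one-line comment stating that `$scope` is the computed scope rather than `$oidc_request->{'scope'}`. The body of `_generateIDToken` and the final assignment statement continue outside these hunks, so whether `$scope` can be undefined at the call sites in `run` cannot be confirmed from here.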