Use computed scopes to fill claims in ID token (#2424)
This commit is contained in:
parent
534745e5a2
commit
6b9670c29d
|
@ -770,7 +770,7 @@ sub run {
|
|||
|
||||
my $id_token =
|
||||
$self->_generateIDToken( $req, $oidc_request,
|
||||
$rp, { at_hash => $at_hash } );
|
||||
$rp, $scope, { at_hash => $at_hash } );
|
||||
|
||||
unless ($id_token) {
|
||||
$self->logger->error("Could not generate ID token");
|
||||
|
@ -865,7 +865,7 @@ sub run {
|
|||
$id_token = $self->_generateIDToken(
|
||||
$req,
|
||||
$oidc_request,
|
||||
$rp,
|
||||
$rp, $scope,
|
||||
{
|
||||
at_hash => $at_hash,
|
||||
c_hash => $c_hash,
|
||||
|
@ -2316,7 +2316,7 @@ sub _convertOldFormatConsents {
|
|||
}
|
||||
|
||||
sub _generateIDToken {
|
||||
my ( $self, $req, $oidc_request, $rp, $extra_claims ) = @_;
|
||||
my ( $self, $req, $oidc_request, $rp, $scope, $extra_claims ) = @_;
|
||||
|
||||
my $response_type = $oidc_request->{'response_type'};
|
||||
my $client_id = $oidc_request->{'client_id'};
|
||||
|
@ -2367,8 +2367,7 @@ sub _generateIDToken {
|
|||
# No access_token
|
||||
# Claims must be set in id_token
|
||||
my $claims =
|
||||
$self->buildUserInfoResponseFromId( $req, $oidc_request->{'scope'},
|
||||
$rp, $req->id );
|
||||
$self->buildUserInfoResponseFromId( $req, $scope, $rp, $req->id );
|
||||
|
||||
foreach ( keys %$claims ) {
|
||||
$id_token_payload_hash->{$_} = $claims->{$_}
|
||||
|
|
Loading…
Reference in New Issue
Block a user