feat(oidc): client id claims (#3150)
Adds the authorized party (azp) and client_id registered claims to ID Tokens.pull/3144/head
parent
148ec1e2e0
commit
e7112bfbd6
|
@ -552,6 +552,8 @@ individual user as per the [Subject Identifier Types] specification. Please use
|
|||
| iat | number | _N/A_ | The time when the token was issued |
|
||||
| jti | string(uuid) | _N/A_ | A JWT Identifier in the form of a [RFC4122] UUID V4 |
|
||||
| amr | array[string] | _N/A_ | An [RFC8176] list of authentication method reference values |
|
||||
| azp | string | id (client) | The authorized party |
|
||||
| client_id | string | id (client) | The client id |
|
||||
|
||||
### groups
|
||||
|
||||
|
|
|
@ -32,6 +32,8 @@ func NewOpenIDConnectWellKnownConfiguration(enablePKCEPlainChallenge, pairwise b
|
|||
ClaimsSupported: []string{
|
||||
"amr",
|
||||
"aud",
|
||||
"azp",
|
||||
"client_id",
|
||||
"exp",
|
||||
"iat",
|
||||
"iss",
|
||||
|
|
|
@ -170,9 +170,11 @@ func TestOpenIDConnectProvider_NewOpenIDConnectProvider_GetOpenIDConnectWellKnow
|
|||
assert.Contains(t, disco.RequestObjectSigningAlgValuesSupported, "RS256")
|
||||
assert.Contains(t, disco.RequestObjectSigningAlgValuesSupported, "none")
|
||||
|
||||
assert.Len(t, disco.ClaimsSupported, 16)
|
||||
assert.Len(t, disco.ClaimsSupported, 18)
|
||||
assert.Contains(t, disco.ClaimsSupported, "amr")
|
||||
assert.Contains(t, disco.ClaimsSupported, "aud")
|
||||
assert.Contains(t, disco.ClaimsSupported, "azp")
|
||||
assert.Contains(t, disco.ClaimsSupported, "client_id")
|
||||
assert.Contains(t, disco.ClaimsSupported, "exp")
|
||||
assert.Contains(t, disco.ClaimsSupported, "iat")
|
||||
assert.Contains(t, disco.ClaimsSupported, "iss")
|
||||
|
@ -245,9 +247,11 @@ func TestOpenIDConnectProvider_NewOpenIDConnectProvider_GetOAuth2WellKnownConfig
|
|||
assert.Contains(t, disco.ResponseTypesSupported, "code token id_token")
|
||||
assert.Contains(t, disco.ResponseTypesSupported, "none")
|
||||
|
||||
assert.Len(t, disco.ClaimsSupported, 16)
|
||||
assert.Contains(t, disco.ClaimsSupported, "aud")
|
||||
assert.Len(t, disco.ClaimsSupported, 18)
|
||||
assert.Contains(t, disco.ClaimsSupported, "amr")
|
||||
assert.Contains(t, disco.ClaimsSupported, "aud")
|
||||
assert.Contains(t, disco.ClaimsSupported, "azp")
|
||||
assert.Contains(t, disco.ClaimsSupported, "client_id")
|
||||
assert.Contains(t, disco.ClaimsSupported, "exp")
|
||||
assert.Contains(t, disco.ClaimsSupported, "iat")
|
||||
assert.Contains(t, disco.ClaimsSupported, "iss")
|
||||
|
|
|
@ -70,6 +70,9 @@ func NewSessionWithAuthorizeRequest(issuer, kid, username string, amr []string,
|
|||
session.Claims.Audience = append(session.Claims.Audience, requester.GetClient().GetID())
|
||||
}
|
||||
|
||||
session.Claims.Add("azp", session.ClientID)
|
||||
session.Claims.Add("client_id", session.ClientID)
|
||||
|
||||
return session
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue