feat(oidc): client id claims (#3150)

Adds the authorized party (azp) and client_id registered claims to ID Tokens.
pull/3144/head
James Elliott 2022-04-09 16:55:24 +10:00 committed by GitHub
parent 148ec1e2e0
commit e7112bfbd6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 15 additions and 4 deletions

View File

@ -552,6 +552,8 @@ individual user as per the [Subject Identifier Types] specification. Please use
| iat | number | _N/A_ | The time when the token was issued |
| jti | string(uuid) | _N/A_ | A JWT Identifier in the form of a [RFC4122] UUID V4 |
| amr | array[string] | _N/A_ | An [RFC8176] list of authentication method reference values |
| azp | string | id (client) | The authorized party |
| client_id | string | id (client) | The client id |
### groups

View File

@ -32,6 +32,8 @@ func NewOpenIDConnectWellKnownConfiguration(enablePKCEPlainChallenge, pairwise b
ClaimsSupported: []string{
"amr",
"aud",
"azp",
"client_id",
"exp",
"iat",
"iss",

View File

@ -170,9 +170,11 @@ func TestOpenIDConnectProvider_NewOpenIDConnectProvider_GetOpenIDConnectWellKnow
assert.Contains(t, disco.RequestObjectSigningAlgValuesSupported, "RS256")
assert.Contains(t, disco.RequestObjectSigningAlgValuesSupported, "none")
assert.Len(t, disco.ClaimsSupported, 16)
assert.Len(t, disco.ClaimsSupported, 18)
assert.Contains(t, disco.ClaimsSupported, "amr")
assert.Contains(t, disco.ClaimsSupported, "aud")
assert.Contains(t, disco.ClaimsSupported, "azp")
assert.Contains(t, disco.ClaimsSupported, "client_id")
assert.Contains(t, disco.ClaimsSupported, "exp")
assert.Contains(t, disco.ClaimsSupported, "iat")
assert.Contains(t, disco.ClaimsSupported, "iss")
@ -245,9 +247,11 @@ func TestOpenIDConnectProvider_NewOpenIDConnectProvider_GetOAuth2WellKnownConfig
assert.Contains(t, disco.ResponseTypesSupported, "code token id_token")
assert.Contains(t, disco.ResponseTypesSupported, "none")
assert.Len(t, disco.ClaimsSupported, 16)
assert.Contains(t, disco.ClaimsSupported, "aud")
assert.Len(t, disco.ClaimsSupported, 18)
assert.Contains(t, disco.ClaimsSupported, "amr")
assert.Contains(t, disco.ClaimsSupported, "aud")
assert.Contains(t, disco.ClaimsSupported, "azp")
assert.Contains(t, disco.ClaimsSupported, "client_id")
assert.Contains(t, disco.ClaimsSupported, "exp")
assert.Contains(t, disco.ClaimsSupported, "iat")
assert.Contains(t, disco.ClaimsSupported, "iss")

View File

@ -70,6 +70,9 @@ func NewSessionWithAuthorizeRequest(issuer, kid, username string, amr []string,
session.Claims.Audience = append(session.Claims.Audience, requester.GetClient().GetID())
}
session.Claims.Add("azp", session.ClientID)
session.Claims.Add("client_id", session.ClientID)
return session
}