mirror of
https://github.com/0rangebananaspy/authelia.git
synced 2024-09-14 22:47:21 +07:00
feat(oidc): client id claims (#3150)
Adds the authorized party (azp) and client_id registered claims to ID Tokens.
This commit is contained in:
parent
148ec1e2e0
commit
e7112bfbd6
|
@ -552,7 +552,9 @@ individual user as per the [Subject Identifier Types] specification. Please use
|
||||||
| iat | number | _N/A_ | The time when the token was issued |
|
| iat | number | _N/A_ | The time when the token was issued |
|
||||||
| jti | string(uuid) | _N/A_ | A JWT Identifier in the form of a [RFC4122] UUID V4 |
|
| jti | string(uuid) | _N/A_ | A JWT Identifier in the form of a [RFC4122] UUID V4 |
|
||||||
| amr | array[string] | _N/A_ | An [RFC8176] list of authentication method reference values |
|
| amr | array[string] | _N/A_ | An [RFC8176] list of authentication method reference values |
|
||||||
|
| azp | string | id (client) | The authorized party |
|
||||||
|
| client_id | string | id (client) | The client id |
|
||||||
|
|
||||||
### groups
|
### groups
|
||||||
|
|
||||||
This scope includes the groups the authentication backend reports the user is a member of in the token.
|
This scope includes the groups the authentication backend reports the user is a member of in the token.
|
||||||
|
|
|
@ -32,6 +32,8 @@ func NewOpenIDConnectWellKnownConfiguration(enablePKCEPlainChallenge, pairwise b
|
||||||
ClaimsSupported: []string{
|
ClaimsSupported: []string{
|
||||||
"amr",
|
"amr",
|
||||||
"aud",
|
"aud",
|
||||||
|
"azp",
|
||||||
|
"client_id",
|
||||||
"exp",
|
"exp",
|
||||||
"iat",
|
"iat",
|
||||||
"iss",
|
"iss",
|
||||||
|
|
|
@ -170,9 +170,11 @@ func TestOpenIDConnectProvider_NewOpenIDConnectProvider_GetOpenIDConnectWellKnow
|
||||||
assert.Contains(t, disco.RequestObjectSigningAlgValuesSupported, "RS256")
|
assert.Contains(t, disco.RequestObjectSigningAlgValuesSupported, "RS256")
|
||||||
assert.Contains(t, disco.RequestObjectSigningAlgValuesSupported, "none")
|
assert.Contains(t, disco.RequestObjectSigningAlgValuesSupported, "none")
|
||||||
|
|
||||||
assert.Len(t, disco.ClaimsSupported, 16)
|
assert.Len(t, disco.ClaimsSupported, 18)
|
||||||
assert.Contains(t, disco.ClaimsSupported, "amr")
|
assert.Contains(t, disco.ClaimsSupported, "amr")
|
||||||
assert.Contains(t, disco.ClaimsSupported, "aud")
|
assert.Contains(t, disco.ClaimsSupported, "aud")
|
||||||
|
assert.Contains(t, disco.ClaimsSupported, "azp")
|
||||||
|
assert.Contains(t, disco.ClaimsSupported, "client_id")
|
||||||
assert.Contains(t, disco.ClaimsSupported, "exp")
|
assert.Contains(t, disco.ClaimsSupported, "exp")
|
||||||
assert.Contains(t, disco.ClaimsSupported, "iat")
|
assert.Contains(t, disco.ClaimsSupported, "iat")
|
||||||
assert.Contains(t, disco.ClaimsSupported, "iss")
|
assert.Contains(t, disco.ClaimsSupported, "iss")
|
||||||
|
@ -245,9 +247,11 @@ func TestOpenIDConnectProvider_NewOpenIDConnectProvider_GetOAuth2WellKnownConfig
|
||||||
assert.Contains(t, disco.ResponseTypesSupported, "code token id_token")
|
assert.Contains(t, disco.ResponseTypesSupported, "code token id_token")
|
||||||
assert.Contains(t, disco.ResponseTypesSupported, "none")
|
assert.Contains(t, disco.ResponseTypesSupported, "none")
|
||||||
|
|
||||||
assert.Len(t, disco.ClaimsSupported, 16)
|
assert.Len(t, disco.ClaimsSupported, 18)
|
||||||
assert.Contains(t, disco.ClaimsSupported, "aud")
|
|
||||||
assert.Contains(t, disco.ClaimsSupported, "amr")
|
assert.Contains(t, disco.ClaimsSupported, "amr")
|
||||||
|
assert.Contains(t, disco.ClaimsSupported, "aud")
|
||||||
|
assert.Contains(t, disco.ClaimsSupported, "azp")
|
||||||
|
assert.Contains(t, disco.ClaimsSupported, "client_id")
|
||||||
assert.Contains(t, disco.ClaimsSupported, "exp")
|
assert.Contains(t, disco.ClaimsSupported, "exp")
|
||||||
assert.Contains(t, disco.ClaimsSupported, "iat")
|
assert.Contains(t, disco.ClaimsSupported, "iat")
|
||||||
assert.Contains(t, disco.ClaimsSupported, "iss")
|
assert.Contains(t, disco.ClaimsSupported, "iss")
|
||||||
|
|
|
@ -70,6 +70,9 @@ func NewSessionWithAuthorizeRequest(issuer, kid, username string, amr []string,
|
||||||
session.Claims.Audience = append(session.Claims.Audience, requester.GetClient().GetID())
|
session.Claims.Audience = append(session.Claims.Audience, requester.GetClient().GetID())
|
||||||
}
|
}
|
||||||
|
|
||||||
|
session.Claims.Add("azp", session.ClientID)
|
||||||
|
session.Claims.Add("client_id", session.ClientID)
|
||||||
|
|
||||||
return session
|
return session
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue
Block a user