Skip to content

OIDC: Standard scopes to determine which claims are returned #1108

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Feb 1, 2022
Merged

OIDC: Standard scopes to determine which claims are returned #1108

merged 2 commits into from
Feb 1, 2022

Conversation

@n2ygk
Copy link
Contributor

@n2ygk n2ygk commented Jan 29, 2022
edited
Loading

Fixes #1107

Description of the Change

Only return standard OIDC claims that are permitted by the granted OIDC scopes (profile, email, address, etc.)

Checklist

  • PR only contains one change (considered splitting up PR)
  • unit-test added
  • documentation updated
  • CHANGELOG.md updated (only for user relevant changes)
  • author name in AUTHORS

@codecov
Copy link

codecov bot commented Jan 29, 2022
edited
Loading

Codecov Report

Merging #1108 (8356964) into master (f46439e) will increase coverage by 0.00%.
The diff coverage is 100.00%.

Impacted file tree graph

@@           Coverage Diff           @@
##           master    #1108   +/-   ##
=======================================
  Coverage   96.61%   96.62%           
=======================================
  Files          32       32           
  Lines        1804     1806    +2     
=======================================
+ Hits         1743     1745    +2     
  Misses         61       61
Impacted Files Coverage Δ
oauth2_provider/oauth2_validators.py 93.54% <100.00%> (+0.02%) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update f46439e...8356964. Read the comment docs.

n2ygk
n2ygk commented Jan 29, 2022
View reviewed changes
@n2ygk
Copy link
Contributor Author

n2ygk commented Jan 29, 2022
edited
Loading

Is the claims parameter actually supported as stated in the docs? Not really. The claims parameter is supported in AuthorizationView and passed upstream to oauthlib but it is not interpreted in any fashion.

The openid-configuration does not assert `"claims_parameter_supported". Per the spec this means it does: "...if omitted, the default value is false."

I will remove the docs reference. Scope-based claims release is probably more than enough functionality improvement at this point.

This implementation is probably better pushed upstream: oauthlib/oauthlib#799 (comment)

@n2ygk n2ygk added this to the 2.0.0 milestone Jan 30, 2022
@n2ygk n2ygk mentioned this pull request Jan 30, 2022
Closed
@n2ygk n2ygk force-pushed the oidc_userinfo_claims_token branch from 5619752 to 3976115 Compare January 30, 2022 18:35
@n2ygk n2ygk marked this pull request as ready for review January 30, 2022 18:59
@n2ygk n2ygk requested a review from a team January 30, 2022 19:00
@Andrew-Chen-Wang
Copy link
Contributor

Andrew-Chen-Wang commented Feb 1, 2022

Are you still looking to merge upstream and close this?

@n2ygk
Copy link
Contributor Author

n2ygk commented Feb 1, 2022

Are you still looking to merge upstream and close this?

Maybe merge here and then look at what upstream stuff can be done and remove this and other stuff that should be upstream later? There's other stuff like oidc metadata that can also potentially go upstream.

Andrew-Chen-Wang
Andrew-Chen-Wang approved these changes Feb 1, 2022
View reviewed changes
Copy link
Contributor

@Andrew-Chen-Wang Andrew-Chen-Wang left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

sure. lgtm as far as I can tell

@n2ygk n2ygk merged commit 492a867 into django-oauth:master Feb 1, 2022
@n2ygk n2ygk deleted the oidc_userinfo_claims_token branch February 1, 2022 14:17
@n2ygk n2ygk mentioned this pull request Mar 21, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@Andrew-Chen-Wang Andrew-Chen-Wang Andrew-Chen-Wang approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

2.0.0

Development

Successfully merging this pull request may close these issues.

OIDC: 5.4. Requesting Claims using Scope Values

2 participants

@n2ygk @Andrew-Chen-Wang