sso: expose same info in id_token and userinfo endpoint

2021-02-01 16:56:50 +01:00 · 2021-02-01 16:56:50 +01:00 · c4c810cd25
parent b3483a9b6d
commit c4c810cd25
2 changed files with 10 additions and 11 deletions
--- a/sso/oauth2.py
+++ b/sso/oauth2.py
@ -41,7 +41,14 @@ def exists_nonce(nonce, req):


 def generate_user_info(user, scope):
-    return UserInfo(sub=str(user.get_user_id()), name=user.username)
+    return UserInfo(
+        sub=user.username,
+        name=user.gecos,
+        email=user.email,
+        preferred_username=user.username,
+        nickname=user.username,
+        groups=user.groups,
+        )


 def create_authorization_code(client, grant_user, request):
--- a/sso/views.py
+++ b/sso/views.py
@ -16,7 +16,7 @@ from sso.directory import LDAPUserProxy, check_credentials
 from sso.models import db, Token, Client
 from sso.forms import LoginForm, ClientForm
 from sso.utils import get_object_or_404
-from sso.oauth2 import authorization, require_oauth
+from sso.oauth2 import authorization, require_oauth, generate_user_info
 from authlib.oauth2 import OAuth2Error
 from authlib.common.security import generate_token
 from authlib.integrations.flask_oauth2 import current_token
@ -206,15 +206,7 @@ def api_profile():
@bp.route("/api/1/userinfo")
@require_oauth("profile:read openid", "OR")
 def api_userinfo():
-    user = current_token.user
-    return jsonify(
-        sub=user.username,
-        name=user.gecos,
-        email=user.email,
-        preferred_username=user.username,
-        nickname=user.username,
-        groups=user.groups,
-    )
+    return jsonify(generate_user_info(current_token.user, current_token.scope))


@bp.route("/.well-known/openid-configuration")