From c4c810cd255a7bfcab5ced3fb88c8b311b518c34 Mon Sep 17 00:00:00 2001
From: Piotr Dobrowolski
Date: Mon, 1 Feb 2021 16:56:50 +0100
Subject: [PATCH] sso: expose same info in id_token and userinfo endpoint

---
 sso/oauth2.py | 9 ++++++++-
 sso/views.py | 12 ++----------
 2 files changed, 10 insertions(+), 11 deletions(-)

diff --git a/sso/oauth2.py b/sso/oauth2.py
index f2660ab..aa07e1a 100644
--- a/sso/oauth2.py
+++ b/sso/oauth2.py
@@ -41,7 +41,14 @@ def exists_nonce(nonce, req):
 
 
 def generate_user_info(user, scope):
-    return UserInfo(sub=str(user.get_user_id()), name=user.username)
+    return UserInfo(
+        sub=user.username,
+        name=user.gecos,
+        email=user.email,
+        preferred_username=user.username,
+        nickname=user.username,
+        groups=user.groups,
+    )
 
 
 def create_authorization_code(client, grant_user, request):
diff --git a/sso/views.py b/sso/views.py
index 4d7d318..10c3b43 100644
--- a/sso/views.py
+++ b/sso/views.py
@@ -16,7 +16,7 @@ from sso.directory import LDAPUserProxy, check_credentials
 from sso.models import db, Token, Client
 from sso.forms import LoginForm, ClientForm
 from sso.utils import get_object_or_404
-from sso.oauth2 import authorization, require_oauth
+from sso.oauth2 import authorization, require_oauth, generate_user_info
 from authlib.oauth2 import OAuth2Error
 from authlib.common.security import generate_token
 from authlib.integrations.flask_oauth2 import current_token
@@ -206,15 +206,7 @@ def api_profile():
 @bp.route("/api/1/userinfo")
 @require_oauth("profile:read openid", "OR")
 def api_userinfo():
-    user = current_token.user
-    return jsonify(
-        sub=user.username,
-        name=user.gecos,
-        email=user.email,
-        preferred_username=user.username,
-        nickname=user.username,
-        groups=user.groups,
-    )
+    return jsonify(generate_user_info(current_token.user, current_token.scope))
 
 
 @bp.route("/.well-known/openid-configuration")
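Review bot: The `scope` parameter of generate_user_info is still unused on the new side, so `email` and `groups` are emitted for every token regardless of which scopes were granted; because api_userinfo in sso/views.py admits tokens with only `openid` (`require_oauth("profile:read openid", "OR")`), an openid-only token now receives the user's email and group membership, and the id_token carries them too. Claims should be gated on the granted scope before the UserInfo is built; the mapping below uses the `profile:read` scope visible in this patch plus the standard OIDC `profile`/`email` scopes, and the exact scope-to-claim table should follow the project's own scope definitions (whether `scope` arrives as a space-delimited string or a list is not visible here, so the split is hedged). Separately, `sub` moves from `str(user.get_user_id())` to `user.username`: an OIDC `sub` must be stable and never reassigned, so if usernames can be renamed or recycled in the directory, relying parties that key accounts on `sub` will lose the link on rename and a recycled name would inherit the previous holder's linked accounts; it also means id_tokens and RP records issued with the old `sub` no longer match. Worth confirming against the LDAP backend before shipping.
```python
def generate_user_info(user, scope):
    """Build the OIDC claims for ``user``, limited to what ``scope`` grants."""
    # scope is assumed space-delimited (str) or an iterable of scope names — confirm against authlib's call site
    granted = set(scope.split()) if isinstance(scope, str) else set(scope or ())
    info = UserInfo(
        sub=user.username,  # NOTE(review): must be stable/non-reassignable; verify username is never recycled
        preferred_username=user.username,
        nickname=user.username,
    )
    if granted & {"profile", "profile:read"}:
        info["name"] = user.gecos
        info["groups"] = user.groups
    if granted & {"email", "profile:read"}:
        info["email"] = user.email
    return info
```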
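Review bot: api_userinfo has no docstring on the new side, and after the rewrite its one-line body no longer shows a reader what the endpoint returns or that the response shape is now owned by generate_user_info; suggest adding `"""OIDC userinfo endpoint: return, as JSON, the claims generate_user_info builds for the bearer token's user and scope."""` under the def line. Since the decorator accepts either `profile:read` or `openid`, a short comment noting that which claims a given token receives is decided in generate_user_info, not here, would keep the two views' behaviour traceable.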