sso: expose same info in id_token and userinfo endpoint
parent
b3483a9b6d
commit
c4c810cd25
2 changed files with 10 additions and 11 deletions
|
@ -41,7 +41,14 @@ def exists_nonce(nonce, req):
|
||||||
|
|
||||||
|
|
||||||
def generate_user_info(user, scope):
|
def generate_user_info(user, scope):
|
||||||
return UserInfo(sub=str(user.get_user_id()), name=user.username)
|
return UserInfo(
|
||||||
|
sub=user.username,
|
||||||
|
name=user.gecos,
|
||||||
|
email=user.email,
|
||||||
|
preferred_username=user.username,
|
||||||
|
nickname=user.username,
|
||||||
|
groups=user.groups,
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
def create_authorization_code(client, grant_user, request):
|
def create_authorization_code(client, grant_user, request):
|
||||||
|
|
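Review bot: `generate_user_info(user, scope)` never reads `scope`, so the new body releases `email` and `groups` into every id_token as well as the userinfo response, regardless of what the client was granted. Because `/api/1/userinfo` accepts either `profile:read` or `openid`, a token holding only `openid` also receives the user's group membership. I would gate the optional claims on the granted scope, for example `granted = set((scope or "").split())` with `email` and `groups` added only when the matching scope is in `granted`, or else drop the unused parameter and state in a docstring that all claims are always released. Separately, `sub` changes from `str(user.get_user_id())` to `user.username`, so relying parties that keyed accounts on the old value will see a different subject. If usernames can be renamed or reused in the directory, `sub` is no longer a stable identifier; a comment such as `# usernames are immutable and never reassigned` would record the assumption, if it holds.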
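--- a/sso/views.py
+++ b/sso/views.py
@@ -16,7 +16,7 @@ from sso.directory import LDAPUserProxy, check_credentials
 from sso.models import db, Token, Client
 from sso.forms import LoginForm, ClientForm
 from sso.utils import get_object_or_404
-from sso.oauth2 import authorization, require_oauth
+from sso.oauth2 import authorization, require_oauth, generate_user_info
 from authlib.oauth2 import OAuth2Error
 from authlib.common.security import generate_token
 from authlib.integrations.flask_oauth2 import current_token
@@ -206,15 +206,7 @@ def api_profile():
 @bp.route("/api/1/userinfo")
 @require_oauth("profile:read openid", "OR")
 def api_userinfo():
-user = current_token.user
-return jsonify(
-sub=user.username,
-name=user.gecos,
-email=user.email,
-preferred_username=user.username,
-nickname=user.username,
-groups=user.groups,
-)
+return jsonify(generate_user_info(current_token.user, current_token.scope))
 
 
 @bp.route("/.well-known/openid-configuration")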