sso: expose same info in id_token and userinfo endpoint
parent
b3483a9b6d
commit
c4c810cd25
2 changed files with 10 additions and 11 deletions
|
@ -41,7 +41,14 @@ def exists_nonce(nonce, req):
|
|||
|
||||
|
||||
def generate_user_info(user, scope):
|
||||
return UserInfo(sub=str(user.get_user_id()), name=user.username)
|
||||
return UserInfo(
|
||||
sub=user.username,
|
||||
name=user.gecos,
|
||||
email=user.email,
|
||||
preferred_username=user.username,
|
||||
nickname=user.username,
|
||||
groups=user.groups,
|
||||
)
|
||||
|
||||
|
||||
def create_authorization_code(client, grant_user, request):
|
||||
|
|
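Review bot: Changing `sub` from `str(user.get_user_id())` to `user.username` in `generate_user_info` alters the subject identifier that clients have presumably already received in ID tokens, so a relying party that keyed local accounts on the old value will no longer match its existing users. OpenID Connect expects `sub` to be unique within the issuer and never reassigned, and a username only satisfies that if the directory never renames or recycles account names, which this page does not show. The userinfo endpoint already returned the username as `sub`, so either direction breaks one consumer; the choice deserves a comment on the function, and if usernames can change, `sub=str(user.get_user_id()),` with the login name kept in `preferred_username` is the safer alignment.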
12
sso/views.py
12
sso/views.py
|
@ -16,7 +16,7 @@ from sso.directory import LDAPUserProxy, check_credentials
|
|||
from sso.models import db, Token, Client
|
||||
from sso.forms import LoginForm, ClientForm
|
||||
from sso.utils import get_object_or_404
|
||||
from sso.oauth2 import authorization, require_oauth
|
||||
from sso.oauth2 import authorization, require_oauth, generate_user_info
|
||||
from authlib.oauth2 import OAuth2Error
|
||||
from authlib.common.security import generate_token
|
||||
from authlib.integrations.flask_oauth2 import current_token
|
||||
|
@ -206,15 +206,7 @@ def api_profile():
|
|||
@bp.route("/api/1/userinfo")
|
||||
@require_oauth("profile:read openid", "OR")
|
||||
def api_userinfo():
|
||||
user = current_token.user
|
||||
return jsonify(
|
||||
sub=user.username,
|
||||
name=user.gecos,
|
||||
email=user.email,
|
||||
preferred_username=user.username,
|
||||
nickname=user.username,
|
||||
groups=user.groups,
|
||||
)
|
||||
return jsonify(generate_user_info(current_token.user, current_token.scope))
|
||||
|
||||
|
||||
@bp.route("/.well-known/openid-configuration")
|
||||
|
|
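Review bot: `generate_user_info`, as changed in this commit, never reads its `scope` argument, so passing `current_token.scope` in `api_userinfo` restricts nothing. With `@require_oauth("profile:read openid", "OR")`, a token holding either scope alone still receives `email` and `groups`, and going by the commit title the same claim set now goes into ID tokens as well. Claims should be released per granted scope: build the base `UserInfo(...)` with `sub`, and add `email` and `groups` only when the matching scope is present in `scope.split()`. Which scope names gate those claims is a project decision that is not visible on this page. If returning everything is intended, a docstring on `generate_user_info` saying that `scope` is deliberately ignored would stop the next reader from assuming that filtering happens.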