authorPiotr Dobrowolski <admin@tastycode.pl>2021-02-01 16:56:50 +0100
committerPiotr Dobrowolski <admin@tastycode.pl>2021-02-01 16:56:50 +0100
commitc4c810cd255a7bfcab5ced3fb88c8b311b518c34 (patch)
treeedcae3b5496fa9a8984d4a6063025e718385ea49
parentb3483a9b6d1248eaf68e429692589217220d9205 (diff)
sso: expose same info in id_token and userinfo endpoint
-rw-r--r--sso/oauth2.py9
-rw-r--r--sso/views.py12
2 files changed, 10 insertions, 11 deletions
diff --git a/sso/oauth2.py b/sso/oauth2.py
index f2660ab..aa07e1a 100644
--- a/sso/oauth2.py
+++ b/sso/oauth2.py
@@ -41,7 +41,14 @@ def exists_nonce(nonce, req):
def generate_user_info(user, scope):
- return UserInfo(sub=str(user.get_user_id()), name=user.username)
+ return UserInfo(
+ sub=user.username,
+ name=user.gecos,
+ email=user.email,
+ preferred_username=user.username,
+ nickname=user.username,
+ groups=user.groups,
+ )
def create_authorization_code(client, grant_user, request):
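Review bot: `generate_user_info` takes `scope` but never reads it, so every id_token and every userinfo response now carries `email` and `groups` no matter which scopes the client was granted. OIDC Core ties `email` to the `email` scope and `name`/`preferred_username`/`nickname` to `profile`, and group membership is authorization-relevant data that relying parties should receive only when it is explicitly granted; the new call in `api_userinfo` (sso/views.py) passes `current_token.scope`, which has no effect for the same reason. Gating the claims on the granted scopes, as sketched below, keeps the two outputs identical while limiting disclosure; the scope names are the standard OIDC ones plus a placeholder for groups, and they need mapping onto the scopes this provider actually defines (the userinfo route accepts `profile:read`). Separately, `sub` in the id_token changes from `str(user.get_user_id())` to `user.username`, so relying parties that stored the old value will see a different subject, and a username is only a safe `sub` if it is never reassigned to another person.

```python
def generate_user_info(user, scope):
    granted = set((scope or "").split())
    claims = {"sub": user.username}
    if "profile" in granted:
        claims.update(
            name=user.gecos,
            preferred_username=user.username,
            nickname=user.username,
        )
    if "email" in granted:
        claims["email"] = user.email
    # "groups" is a placeholder scope name; use the scope this provider defines for group membership.
    if "groups" in granted:
        claims["groups"] = user.groups
    return UserInfo(**claims)
```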
diff --git a/sso/views.py b/sso/views.py
index 4d7d318..10c3b43 100644
--- a/sso/views.py
+++ b/sso/views.py
@@ -16,7 +16,7 @@ from sso.directory import LDAPUserProxy, check_credentials
from sso.models import db, Token, Client
from sso.forms import LoginForm, ClientForm
from sso.utils import get_object_or_404
-from sso.oauth2 import authorization, require_oauth
+from sso.oauth2 import authorization, require_oauth, generate_user_info
from authlib.oauth2 import OAuth2Error
from authlib.common.security import generate_token
from authlib.integrations.flask_oauth2 import current_token
@@ -206,15 +206,7 @@ def api_profile():
@bp.route("/api/1/userinfo")
@require_oauth("profile:read openid", "OR")
def api_userinfo():
- user = current_token.user
- return jsonify(
- sub=user.username,
- name=user.gecos,
- email=user.email,
- preferred_username=user.username,
- nickname=user.username,
- groups=user.groups,
- )
+ return jsonify(generate_user_info(current_token.user, current_token.scope))
@bp.route("/.well-known/openid-configuration")