providers/oauth2: fix id_token being saved incorrectly leading to lost claims (#6645)

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Jens L 2023-08-28 00:51:48 +02:00 committed by GitHub
parent 7a90b435cc
commit 85bc35eb41
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 11 additions and 5 deletions


@ -2,6 +2,7 @@
import base64
import binascii
import json
from dataclasses import asdict
from functools import cached_property
from hashlib import sha256
from typing import Any, Optional
@ -358,7 +359,7 @@ class AccessToken(SerializerModel, ExpiringModel, BaseGrantModel):
@id_token.setter
def id_token(self, value: IDToken):
self.token = value.to_access_token(self.provider)
self._id_token = json.dumps(value.to_dict())
self._id_token = json.dumps(asdict(value))
@property
def at_hash(self):
@ -400,7 +401,7 @@ class RefreshToken(SerializerModel, ExpiringModel, BaseGrantModel):
@id_token.setter
def id_token(self, value: IDToken):
self._id_token = json.dumps(value.to_dict())
self._id_token = json.dumps(asdict(value))
@property
def serializer(self) -> Serializer:
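Review bot: Rows already stored in the old `to_dict()` layout are not handled by the switch to `json.dumps(asdict(value))` in the `AccessToken` and `RefreshToken` `id_token` setters. Tokens issued before the upgrade, long-lived refresh tokens in particular, would presumably keep yielding an ID token with claims missing until they expire or are rewritten. The getter and `to_dict()` are outside these hunks, so this is inferred; if it holds, a data migration or a release note would cover it. Both setters would also benefit from a comment such as `# asdict() keeps the dataclass field layout the getter rebuilds from; to_dict() output does not round-trip`, so the call is not reverted later. It is also worth confirming that no claim value can be non-JSON-serialisable, since `json.dumps` would then raise `TypeError` inside the setter.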


@ -151,6 +151,14 @@ class TestTokenClientCredentials(OAuthTestCase):
)
self.assertEqual(jwt["given_name"], self.user.name)
self.assertEqual(jwt["preferred_username"], self.user.username)
jwt = decode(
body["id_token"],
key=self.provider.signing_key.public_key,
algorithms=[alg],
audience=self.provider.client_id,
)
self.assertEqual(jwt["given_name"], self.user.name)
self.assertEqual(jwt["preferred_username"], self.user.username)
def test_successful_password(self):
"""test successful (password grant)"""
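Review bot: The `RefreshToken.id_token` setter receives the same fix, but no assertion in this commit exercises it; the added `decode(body["id_token"], ...)` block checks only the response of this client-credentials test. A matching check after a refresh-token exchange, asserting `given_name` and `preferred_username` on the re-issued `id_token`, would pin the second setter against a regression. The enclosing test method starts above the hunk, so its setup is not visible here.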


@ -16,9 +16,6 @@ with open("local.env.yml", "w", encoding="utf-8") as _config:
"container_image_base": "ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s",
},
"blueprints_dir": "./blueprints",
"web": {
"outpost_port_offset": 100,
},
"cert_discovery_dir": "./certs",
"geoip": "tests/GeoLite2-City-Test.mmdb",
},