providers/oauth2: fix id_token being saved incorrectly leading to lost claims (#6645)

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Jens L 2023-08-28 00:51:48 +02:00 committed by GitHub
parent 7a90b435cc
commit 85bc35eb41
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 11 additions and 5 deletions


@ -2,6 +2,7 @@
import base64 import base64
import binascii import binascii
import json import json
from dataclasses import asdict
from functools import cached_property from functools import cached_property
from hashlib import sha256 from hashlib import sha256
from typing import Any, Optional from typing import Any, Optional
@ -358,7 +359,7 @@ class AccessToken(SerializerModel, ExpiringModel, BaseGrantModel):
@id_token.setter @id_token.setter
def id_token(self, value: IDToken): def id_token(self, value: IDToken):
self.token = value.to_access_token(self.provider) self.token = value.to_access_token(self.provider)
self._id_token = json.dumps(value.to_dict()) self._id_token = json.dumps(asdict(value))
@property @property
def at_hash(self): def at_hash(self):
@ -400,7 +401,7 @@ class RefreshToken(SerializerModel, ExpiringModel, BaseGrantModel):
@id_token.setter @id_token.setter
def id_token(self, value: IDToken): def id_token(self, value: IDToken):
self._id_token = json.dumps(value.to_dict()) self._id_token = json.dumps(asdict(value))
@property @property
def serializer(self) -> Serializer: def serializer(self) -> Serializer:
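Review bot: `json.dumps(asdict(value))` in both setters will raise `TypeError` at save time if any `IDToken` field holds a value that is not JSON-native (a datetime, enum or set, for instance), and it emits every field including those set to `None` — whatever parses `_id_token` back (the getter, which is outside this hunk) must accept exactly that key set, or the claims are still lost on the read side. Worth confirming that `IDToken` is a plain dataclass of JSON scalars and containers, and that the getter round-trips the persisted string rather than only the freshly built object. Since the identical serialization line now appears in both `AccessToken` and `RefreshToken`, moving it behind one helper, e.g. `self._id_token = value.to_json()`, would keep the two stores from drifting again. Both enclosing classes start before this hunk.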


@ -151,6 +151,14 @@ class TestTokenClientCredentials(OAuthTestCase):
) )
self.assertEqual(jwt["given_name"], self.user.name) self.assertEqual(jwt["given_name"], self.user.name)
self.assertEqual(jwt["preferred_username"], self.user.username) self.assertEqual(jwt["preferred_username"], self.user.username)
jwt = decode(
body["id_token"],
key=self.provider.signing_key.public_key,
algorithms=[alg],
audience=self.provider.client_id,
)
self.assertEqual(jwt["given_name"], self.user.name)
self.assertEqual(jwt["preferred_username"], self.user.username)
def test_successful_password(self): def test_successful_password(self):
"""test successful (password grant)""" """test successful (password grant)"""


@ -16,9 +16,6 @@ with open("local.env.yml", "w", encoding="utf-8") as _config:
"container_image_base": "ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s", "container_image_base": "ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s",
}, },
"blueprints_dir": "./blueprints", "blueprints_dir": "./blueprints",
"web": {
"outpost_port_offset": 100,
},
"cert_discovery_dir": "./certs", "cert_discovery_dir": "./certs",
"geoip": "tests/GeoLite2-City-Test.mmdb", "geoip": "tests/GeoLite2-City-Test.mmdb",
}, },