providers/oauth2: fix id_token being saved incorrectly leading to lost claims (#6645)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
This commit is contained in:
parent
7a90b435cc
commit
85bc35eb41
|
@ -2,6 +2,7 @@
|
||||||
import base64
|
import base64
|
||||||
import binascii
|
import binascii
|
||||||
import json
|
import json
|
||||||
|
from dataclasses import asdict
|
||||||
from functools import cached_property
|
from functools import cached_property
|
||||||
from hashlib import sha256
|
from hashlib import sha256
|
||||||
from typing import Any, Optional
|
from typing import Any, Optional
|
||||||
|
@ -358,7 +359,7 @@ class AccessToken(SerializerModel, ExpiringModel, BaseGrantModel):
|
||||||
@id_token.setter
|
@id_token.setter
|
||||||
def id_token(self, value: IDToken):
|
def id_token(self, value: IDToken):
|
||||||
self.token = value.to_access_token(self.provider)
|
self.token = value.to_access_token(self.provider)
|
||||||
self._id_token = json.dumps(value.to_dict())
|
self._id_token = json.dumps(asdict(value))
|
||||||
|
|
||||||
@property
|
@property
|
||||||
def at_hash(self):
|
def at_hash(self):
|
||||||
|
@ -400,7 +401,7 @@ class RefreshToken(SerializerModel, ExpiringModel, BaseGrantModel):
|
||||||
|
|
||||||
@id_token.setter
|
@id_token.setter
|
||||||
def id_token(self, value: IDToken):
|
def id_token(self, value: IDToken):
|
||||||
self._id_token = json.dumps(value.to_dict())
|
self._id_token = json.dumps(asdict(value))
|
||||||
|
|
||||||
@property
|
@property
|
||||||
def serializer(self) -> Serializer:
|
def serializer(self) -> Serializer:
|
||||||
|
|
|
@ -151,6 +151,14 @@ class TestTokenClientCredentials(OAuthTestCase):
|
||||||
)
|
)
|
||||||
self.assertEqual(jwt["given_name"], self.user.name)
|
self.assertEqual(jwt["given_name"], self.user.name)
|
||||||
self.assertEqual(jwt["preferred_username"], self.user.username)
|
self.assertEqual(jwt["preferred_username"], self.user.username)
|
||||||
|
jwt = decode(
|
||||||
|
body["id_token"],
|
||||||
|
key=self.provider.signing_key.public_key,
|
||||||
|
algorithms=[alg],
|
||||||
|
audience=self.provider.client_id,
|
||||||
|
)
|
||||||
|
self.assertEqual(jwt["given_name"], self.user.name)
|
||||||
|
self.assertEqual(jwt["preferred_username"], self.user.username)
|
||||||
|
|
||||||
def test_successful_password(self):
|
def test_successful_password(self):
|
||||||
"""test successful (password grant)"""
|
"""test successful (password grant)"""
|
||||||
|
|
|
@ -16,9 +16,6 @@ with open("local.env.yml", "w", encoding="utf-8") as _config:
|
||||||
"container_image_base": "ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s",
|
"container_image_base": "ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s",
|
||||||
},
|
},
|
||||||
"blueprints_dir": "./blueprints",
|
"blueprints_dir": "./blueprints",
|
||||||
"web": {
|
|
||||||
"outpost_port_offset": 100,
|
|
||||||
},
|
|
||||||
"cert_discovery_dir": "./certs",
|
"cert_discovery_dir": "./certs",
|
||||||
"geoip": "tests/GeoLite2-City-Test.mmdb",
|
"geoip": "tests/GeoLite2-City-Test.mmdb",
|
||||||
},
|
},
|
||||||
|
|
Reference in a new issue