diff --git a/pkg/op/config.go b/pkg/op/config.go
index 9fec7cc..385f8c7 100644
--- a/pkg/op/config.go
+++ b/pkg/op/config.go
@@ -47,6 +47,7 @@ type Configuration interface {
 RequestObjectSupported() bool
 RequestObjectSigningAlgorithmsSupported() []string
+ SupportedClaims() []string
 SupportedUILocales() []language.Tag
 DeviceAuthorization() DeviceAuthorizationConfig
 }
diff --git a/pkg/op/discovery.go b/pkg/op/discovery.go
index 8251261..37006a5 100644
--- a/pkg/op/discovery.go
+++ b/pkg/op/discovery.go
@@ -57,7 +57,7 @@ func CreateDiscoveryConfig(ctx context.Context, config Configuration, storage Di
 IntrospectionEndpointAuthMethodsSupported: AuthMethodsIntrospectionEndpoint(config),
 RevocationEndpointAuthSigningAlgValuesSupported: RevocationSigAlgorithms(config),
 RevocationEndpointAuthMethodsSupported: AuthMethodsRevocationEndpoint(config),
- ClaimsSupported: SupportedClaims(config),
+ ClaimsSupported: config.SupportedClaims(),
 CodeChallengeMethodsSupported: CodeChallengeMethods(config),
 UILocalesSupported: config.SupportedUILocales(),
 RequestParameterSupported: config.RequestObjectSupported(),
@@ -88,7 +88,7 @@ func createDiscoveryConfigV2(ctx context.Context, config Configuration, storage
 IntrospectionEndpointAuthMethodsSupported: AuthMethodsIntrospectionEndpoint(config),
 RevocationEndpointAuthSigningAlgValuesSupported: RevocationSigAlgorithms(config),
 RevocationEndpointAuthMethodsSupported: AuthMethodsRevocationEndpoint(config),
- ClaimsSupported: SupportedClaims(config),
+ ClaimsSupported: config.SupportedClaims(),
 CodeChallengeMethodsSupported: CodeChallengeMethods(config),
 UILocalesSupported: config.SupportedUILocales(),
 RequestParameterSupported: config.RequestObjectSupported(),
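Review bot: The new `SupportedClaims()` method is added to the exported `Configuration` interface without a doc comment, and because the `Provider` implementation in this commit substitutes a default when the configured value is nil, the interface should state what an implementer is expected to return, e.g. `// SupportedClaims returns the claim names advertised as claims_supported in the discovery document.` Adding a method to an exported interface also breaks any third-party type that implements `Configuration`, which is worth calling out in the commit description or changelog. The interface declaration starts outside the hunk.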
@@ -213,32 +213,7 @@ func AuthMethodsRevocationEndpoint(c Configuration) []oidc.AuthMethod {
 }
 func SupportedClaims(c Configuration) []string {
- return []string{ // TODO: config
- "sub",
- "aud",
- "exp",
- "iat",
- "iss",
- "auth_time",
- "nonce",
- "acr",
- "amr",
- "c_hash",
- "at_hash",
- "act",
- "scopes",
- "client_id",
- "azp",
- "preferred_username",
- "name",
- "family_name",
- "given_name",
- "locale",
- "email",
- "email_verified",
- "phone_number",
- "phone_number_verified",
- }
+ return c.SupportedClaims()
 }
 func CodeChallengeMethods(c Configuration) []oidc.CodeChallengeMethod {
diff --git a/pkg/op/discovery_test.go b/pkg/op/discovery_test.go
index 84e1216..27976cc 100644
--- a/pkg/op/discovery_test.go
+++ b/pkg/op/discovery_test.go
@@ -544,7 +544,11 @@ func TestSupportedClaims(t *testing.T) {
 }{
 {
 "scopes",
- args{},
+ args{func() op.Configuration {
+ m := mock.NewMockConfiguration(gomock.NewController(t))
+ m.EXPECT().SupportedClaims().Return(op.DefaultSupportedClaims)
+ return m
+ }()},
 []string{
 "sub",
 "aud",
diff --git a/pkg/op/mock/configuration.mock.go b/pkg/op/mock/configuration.mock.go
index f392a45..77c2691 100644
--- a/pkg/op/mock/configuration.mock.go
+++ b/pkg/op/mock/configuration.mock.go
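Review bot: `SupportedClaims(c Configuration)` is now a one-line wrapper around `c.SupportedClaims()`, and both call sites in discovery.go were switched to the method in this same commit, so the function appears to survive only as an API compatibility shim; it should say so, with `// SupportedClaims returns c.SupportedClaims().` followed by `// Deprecated: call Configuration.SupportedClaims directly.` on its own line so tooling surfaces it. Left undocumented, the wrapper invites new callers and a second entry point for the same data. The function starts and ends inside the hunk.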
@@ -358,6 +358,20 @@ func (mr *MockConfigurationMockRecorder) RevocationEndpointSigningAlgorithmsSupp
 return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "RevocationEndpointSigningAlgorithmsSupported", reflect.TypeOf((*MockConfiguration)(nil).RevocationEndpointSigningAlgorithmsSupported))
 }
+// SupportedClaims mocks base method.
+func (m *MockConfiguration) SupportedClaims() []string {
+ m.ctrl.T.Helper()
+ ret := m.ctrl.Call(m, "SupportedClaims")
+ ret0, _ := ret[0].([]string)
+ return ret0
+}
+
+// SupportedClaims indicates an expected call of SupportedClaims.
+func (mr *MockConfigurationMockRecorder) SupportedClaims() *gomock.Call {
+ mr.mock.ctrl.T.Helper()
+ return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "SupportedClaims", reflect.TypeOf((*MockConfiguration)(nil).SupportedClaims))
+}
+
 // SupportedUILocales mocks base method.
 func (m *MockConfiguration) SupportedUILocales() []language.Tag {
 m.ctrl.T.Helper()
diff --git a/pkg/op/op.go b/pkg/op/op.go
index 939ebf8..d35725e 100644
--- a/pkg/op/op.go
+++ b/pkg/op/op.go
@@ -45,6 +45,33 @@ var (
 DeviceAuthorization: NewEndpoint(defaultDeviceAuthzEndpoint),
 }
+ DefaultSupportedClaims = []string{
+ "sub",
+ "aud",
+ "exp",
+ "iat",
+ "iss",
+ "auth_time",
+ "nonce",
+ "acr",
+ "amr",
+ "c_hash",
+ "at_hash",
+ "act",
+ "scopes",
+ "client_id",
+ "azp",
+ "preferred_username",
+ "name",
+ "family_name",
+ "given_name",
+ "locale",
+ "email",
+ "email_verified",
+ "phone_number",
+ "phone_number_verified",
+ }
+
 defaultCORSOptions = cors.Options{
 AllowCredentials: true,
 AllowedHeaders: []string{
@@ -146,6 +173,7 @@ type Config struct {
 GrantTypeRefreshToken bool
 RequestObjectSupported bool
 SupportedUILocales []language.Tag
+ SupportedClaims []string
 DeviceAuthorization DeviceAuthorizationConfig
 }
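Review bot: `DefaultSupportedClaims` in the `@@ -45` hunk of op.go is an exported, mutable package-level slice with no doc comment; the tests in this commit pass it straight into `Config.SupportedClaims`, and any caller that appends to or assigns into it silently changes the claims_supported that every Provider in the process advertises. Either keep it unexported and hand out a copy, or document the contract: `// DefaultSupportedClaims is the claims_supported list used when Config.SupportedClaims is nil. It is shared state; copy it before modifying.` The new `SupportedClaims []string` field in the `Config` struct (the `@@ -146` hunk) likewise needs a comment stating that nil selects the default, since that is the only place a user of the package would look for it. The surrounding `var (` block and struct both start outside the hunk.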
@@ -386,6 +414,14 @@ func (o *Provider) RequestObjectSigningAlgorithmsSupported() []string {
 return []string{"RS256"}
 }
+func (o *Provider) SupportedClaims() []string {
+ if o.config.SupportedClaims == nil {
+ return DefaultSupportedClaims
+ } else {
+ return o.config.SupportedClaims
+ }
+}
+
 func (o *Provider) SupportedUILocales() []language.Tag {
 return o.config.SupportedUILocales
 }
diff --git a/pkg/op/op_test.go b/pkg/op/op_test.go
index 062fcfe..f97f666 100644
--- a/pkg/op/op_test.go
+++ b/pkg/op/op_test.go
@@ -30,6 +30,7 @@ var (
 AuthMethodPrivateKeyJWT: true,
 GrantTypeRefreshToken: true,
 RequestObjectSupported: true,
+ SupportedClaims: op.DefaultSupportedClaims,
 SupportedUILocales: []language.Tag{language.English},
 DeviceAuthorization: op.DeviceAuthorizationConfig{
 Lifetime: 5 * time.Minute,
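Review bot: `Provider.SupportedClaims` distinguishes nil from an empty slice, so `Config{SupportedClaims: []string{}}` advertises no claims at all while a nil field yields `DefaultSupportedClaims`; if an empty claims_supported is not a configuration the package means to support, test `len(o.config.SupportedClaims) == 0` instead, and in either case document the choice on the method. The `else` after `return` is redundant and is what the usual Go linters flag; the body reads better as `if o.config.SupportedClaims == nil { return DefaultSupportedClaims }` followed by `return o.config.SupportedClaims`. Returning the configured slice directly also hands callers a reference they can mutate, the same aliasing concern as with the exported default, so returning `slices.Clone(...)` would be the safer contract if the module's Go version allows it.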