User-configurable claims_supported

2023-12-03 15:19:29 -08:00 · 2023-12-03 15:19:29 -08:00 · 3bb48f7cba
commit 3bb48f7cba
parent 4d05eade5e
6 changed files with 60 additions and 29 deletions
--- a/pkg/op/config.go
+++ b/pkg/op/config.go
@ -47,6 +47,7 @@ type Configuration interface {
 	RequestObjectSupported() bool
 	RequestObjectSigningAlgorithmsSupported() []string
 	SupportedClaims() []string
 	SupportedUILocales() []language.Tag
 	DeviceAuthorization() DeviceAuthorizationConfig
 }
--- a/pkg/op/discovery.go
+++ b/pkg/op/discovery.go
@ -57,7 +57,7 @@ func CreateDiscoveryConfig(ctx context.Context, config Configuration, storage Di
 		IntrospectionEndpointAuthMethodsSupported:          AuthMethodsIntrospectionEndpoint(config),
 		RevocationEndpointAuthSigningAlgValuesSupported:    RevocationSigAlgorithms(config),
 		RevocationEndpointAuthMethodsSupported:             AuthMethodsRevocationEndpoint(config),
-		ClaimsSupported:                                    SupportedClaims(config),
+		ClaimsSupported:                                    config.SupportedClaims(),
 		CodeChallengeMethodsSupported:                      CodeChallengeMethods(config),
 		UILocalesSupported:                                 config.SupportedUILocales(),
 		RequestParameterSupported:                          config.RequestObjectSupported(),
@ -88,7 +88,7 @@ func createDiscoveryConfigV2(ctx context.Context, config Configuration, storage
 		IntrospectionEndpointAuthMethodsSupported:          AuthMethodsIntrospectionEndpoint(config),
 		RevocationEndpointAuthSigningAlgValuesSupported:    RevocationSigAlgorithms(config),
 		RevocationEndpointAuthMethodsSupported:             AuthMethodsRevocationEndpoint(config),
-		ClaimsSupported:                                    SupportedClaims(config),
+		ClaimsSupported:                                    config.SupportedClaims(),
 		CodeChallengeMethodsSupported:                      CodeChallengeMethods(config),
 		UILocalesSupported:                                 config.SupportedUILocales(),
 		RequestParameterSupported:                          config.RequestObjectSupported(),
@ -213,32 +213,7 @@ func AuthMethodsRevocationEndpoint(c Configuration) []oidc.AuthMethod {
 }
 func SupportedClaims(c Configuration) []string {
-	return []string{ // TODO: config
+	return c.SupportedClaims()
 		"sub",
 		"aud",
 		"exp",
 		"iat",
 		"iss",
 		"auth_time",
 		"nonce",
 		"acr",
 		"amr",
 		"c_hash",
 		"at_hash",
 		"act",
 		"scopes",
 		"client_id",
 		"azp",
 		"preferred_username",
 		"name",
 		"family_name",
 		"given_name",
 		"locale",
 		"email",
 		"email_verified",
 		"phone_number",
 		"phone_number_verified",
 	}
 }
 func CodeChallengeMethods(c Configuration) []oidc.CodeChallengeMethod {
--- a/pkg/op/discovery_test.go
+++ b/pkg/op/discovery_test.go
@ -544,7 +544,11 @@ func TestSupportedClaims(t *testing.T) {
 	}{
 		{
 			"scopes",
-			args{},
+			args{func() op.Configuration {
 				m := mock.NewMockConfiguration(gomock.NewController(t))
 				m.EXPECT().SupportedClaims().Return(op.DefaultSupportedClaims)
 				return m
 			}()},
 			[]string{
 				"sub",
 				"aud",
--- a/pkg/op/mock/configuration.mock.go
+++ b/pkg/op/mock/configuration.mock.go
@ -358,6 +358,20 @@ func (mr *MockConfigurationMockRecorder) RevocationEndpointSigningAlgorithmsSupp
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "RevocationEndpointSigningAlgorithmsSupported", reflect.TypeOf((*MockConfiguration)(nil).RevocationEndpointSigningAlgorithmsSupported))
 }
 // SupportedClaims mocks base method.
 func (m *MockConfiguration) SupportedClaims() []string {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "SupportedClaims")
 	ret0, _ := ret[0].([]string)
 	return ret0
 }
 // SupportedClaims indicates an expected call of SupportedClaims.
 func (mr *MockConfigurationMockRecorder) SupportedClaims() *gomock.Call {
 	mr.mock.ctrl.T.Helper()
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "SupportedClaims", reflect.TypeOf((*MockConfiguration)(nil).SupportedClaims))
 }
 // SupportedUILocales mocks base method.
 func (m *MockConfiguration) SupportedUILocales() []language.Tag {
 	m.ctrl.T.Helper()
--- a/pkg/op/op.go
+++ b/pkg/op/op.go
@ -45,6 +45,33 @@ var (
 		DeviceAuthorization: NewEndpoint(defaultDeviceAuthzEndpoint),
 	}
 	DefaultSupportedClaims = []string{
 		"sub",
 		"aud",
 		"exp",
 		"iat",
 		"iss",
 		"auth_time",
 		"nonce",
 		"acr",
 		"amr",
 		"c_hash",
 		"at_hash",
 		"act",
 		"scopes",
 		"client_id",
 		"azp",
 		"preferred_username",
 		"name",
 		"family_name",
 		"given_name",
 		"locale",
 		"email",
 		"email_verified",
 		"phone_number",
 		"phone_number_verified",
 	}
 	defaultCORSOptions = cors.Options{
 		AllowCredentials: true,
 		AllowedHeaders: []string{
@ -146,6 +173,7 @@ type Config struct {
 	GrantTypeRefreshToken    bool
 	RequestObjectSupported   bool
 	SupportedUILocales       []language.Tag
 	SupportedClaims          []string
 	DeviceAuthorization      DeviceAuthorizationConfig
 }
@ -386,6 +414,14 @@ func (o *Provider) RequestObjectSigningAlgorithmsSupported() []string {
 	return []string{"RS256"}
 }
 func (o *Provider) SupportedClaims() []string {
 	if o.config.SupportedClaims == nil {
 		return DefaultSupportedClaims
 	} else {
 		return o.config.SupportedClaims
 	}
 }
 func (o *Provider) SupportedUILocales() []language.Tag {
 	return o.config.SupportedUILocales
 }
--- a/pkg/op/op_test.go
+++ b/pkg/op/op_test.go
@ -30,6 +30,7 @@ var (
 		AuthMethodPrivateKeyJWT:  true,
 		GrantTypeRefreshToken:    true,
 		RequestObjectSupported:   true,
 		SupportedClaims:          op.DefaultSupportedClaims,
 		SupportedUILocales:       []language.Tag{language.English},
 		DeviceAuthorization: op.DeviceAuthorizationConfig{
 			Lifetime:     5 * time.Minute,