Open shaardie opened 11 months ago
@smalihaider would you have a look into this?
Sure @c00kiemon5ter
I confirm @shaardie's suggestion fixes the error. Should I create a PR for this?
@shaardie @fredericoschardong Apologies for reverting late on this. Thank you for your analysis; however, the suggested fix does not consider non-stateless flows. In the case of non-stateless flows, the extra_id_token_claims should be retrieved via the user info (db or dict), just like it was done before the introduction of the stateless code flow.
I have created this PR to fix this issue in pyop instead: https://github.com/IdentityPython/pyop/pull/55
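The point made in the comments above, that the claim lookup has to work for both stateless and non-stateless flows, as an added example that is not part of the thread and is not SATOSA or pyop code. The names `seal`, `unseal`, the HMAC-tagged code format and the function signature are hypothetical stand-ins for a self-contained (stateless) code and a userinfo dict.

```python
import base64, hashlib, hmac, json

KEY = b"constructed-demo-key"  # constructed value, not a real secret

def seal(claims):
    """Hypothetical stand-in for a stateless code: the claims travel inside it."""
    body = base64.urlsafe_b64encode(json.dumps(claims).encode()).decode()
    tag = hmac.new(KEY, body.encode(), hashlib.sha256).hexdigest()
    return body + "." + tag

def unseal(code):
    """Return the claims only if the integrity tag verifies."""
    body, _, tag = code.rpartition(".")
    good = hmac.new(KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("code failed integrity check")
    return json.loads(base64.urlsafe_b64decode(body))

def extra_id_token_claims(wanted, user_id, userinfo_db, code, stateless):
    """Pick the claim source by flow instead of always reading userinfo_db."""
    source = unseal(code) if stateless else userinfo_db[user_id]
    return {name: source[name] for name in wanted if name in source}

def demo():
    claims = {"email": "user@example.org", "groups": ["staff"]}  # constructed
    wanted = ["email"]
    # Non-stateless flow: claims were stored at authentication time.
    stored = extra_id_token_claims(wanted, "u1", {"u1": claims}, "opaque", False)
    # Stateless flow: nothing is stored, so a db-only lookup raises KeyError.
    try:
        extra_id_token_claims(wanted, "u1", {}, seal(claims), False)
        db_only_fails = False
    except KeyError:
        db_only_fails = True
    # Same request, but the claims are read from the verified code.
    from_code = extra_id_token_claims(wanted, "u1", {}, seal(claims), True)
    return stored, db_only_fails, from_code
```

Because the claims read from the code end up in the ID token, the stateless branch verifies the code's integrity before using anything from it.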
While responding to the token request, SATOSA tries to get the configured extra token claims from the provider.userinfo, see https://github.com/IdentityPython/SATOSA/blob/master/src/satosa/frontends/openid_connect.py#L367, but since the information is not in the database (or the dict), but in the token, this fails with a Traceback.
Code Version
v8.4.0
Expected Behavior
Get the token and no Traceback.
Current Behavior
Traceback
Possible Solution
The provider already has logic to get the extra token claims from the request. So the solution is simply to not set extra_token_claims at this point: https://github.com/IdentityPython/SATOSA/blob/83ad0737e08b51a9774b0eae8b1c112ce7aef539/src/satosa/frontends/openid_connect.py#L363-L368
and simply call
Steps to Reproduce