Open tjveldhuizen opened 5 years ago
Seems to be the same issue as over here: https://github.com/bshaffer/oauth2-server-php/issues/812
A quick fix is to replace
```php
// Generate an id token if needed.
if ($this->needsIdToken($this->getScope()) && $this->getResponseType() == self::RESPONSE_TYPE_AUTHORIZATION_CODE) {
    $params['id_token'] = $this->responseTypes['id_token']->createIdToken($this->getClientId(), $user_id, $this->nonce);
}
```
with
```php
// Generate an id token if needed.
if ($this->needsIdToken($this->getScope()) && $this->getResponseType() == self::RESPONSE_TYPE_AUTHORIZATION_CODE) {
    // Look up the claims for the granted scopes and pass them on, otherwise
    // $userClaims is computed but never reaches the id_token.
    $userClaims = $this->clientStorage->getUserClaims($user_id, $params['scope']);
    $params['id_token'] = $this->responseTypes['id_token']->createIdToken($this->getClientId(), $user_id, $this->nonce, $userClaims);
}
```
In my application, I'm using this configuration:
As a first step, I request and receive an `authorization_code` at the authentication endpoint with `response_type=code`, `scope=openid email address`.

Then, I call the token endpoint using the `authentication_code` retrieved from the authentication endpoint. As required by the documentation at https://openid.net/specs/openid-connect-core-1_0.html#TokenResponse the id_token is included in the response; however, the user claims are missing. Debugging shows the `getUserClaims()` method in my custom storage class is never called, neither by the authentication endpoint (the id_token in my database also has no user claims) nor by the token endpoint.

Does anybody have a clue why the user claims are missing? Or can anybody clarify whether the user claims should be put into the storage by the authentication endpoint, or should be added afterwards in the token endpoint?
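As an added check (not code from the issue or from oauth2-server-php), the following Python decodes an id_token's payload and lists which of the claims implied by the requested scope values are absent, which is the quickest way to confirm whether `getUserClaims()` output ever reached the token. The token, issuer and client values are constructed sample data.

```python
import base64
import json

# Claims each OIDC scope value requests (OpenID Connect Core 1.0, section 5.4).
SCOPE_CLAIMS = {
    "profile": {"name", "family_name", "given_name", "middle_name", "nickname",
                "preferred_username", "profile", "picture", "website", "gender",
                "birthdate", "zoneinfo", "locale", "updated_at"},
    "email": {"email", "email_verified"},
    "address": {"address"},
    "phone": {"phone_number", "phone_number_verified"},
}

def _b64url_decode(segment: str) -> bytes:
    """Decode a base64url JWT segment, restoring the padding JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def decode_payload(id_token: str) -> dict:
    """Parse the JWT payload. This does not verify the signature; verify it
    against the issuer's key before trusting any claim."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("id_token is not a compact JWS (expected 3 segments)")
    return json.loads(_b64url_decode(parts[1]))

def expected_claims(scope: str) -> set:
    """Claims implied by a scope string such as 'openid email address'."""
    claims = set()
    for value in scope.split():
        claims |= SCOPE_CLAIMS.get(value, set())
    return claims

def missing_claims(id_token: str, scope: str) -> set:
    """Scope-derived claims that the id_token payload does not carry."""
    return expected_claims(scope) - set(decode_payload(id_token))

def make_token(payload: dict) -> str:
    """Build a token with a placeholder signature (constructed test data only)."""
    def enc(d):
        return base64.urlsafe_b64encode(json.dumps(d).encode()).decode().rstrip("=")
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(payload)}.placeholder-signature"

# Constructed sample: an id_token like the one the reporter describes, carrying
# the mandatory claims but none of the email/address claims the scope requested.
SAMPLE_SCOPE = "openid email address"
SAMPLE_TOKEN = make_token({"iss": "https://op.example", "sub": "user-1",
                           "aud": "client-1", "exp": 1600000000,
                           "iat": 1599996400, "nonce": "n-0S6_WzA2Mj"})
```

Running `missing_claims(SAMPLE_TOKEN, SAMPLE_SCOPE)` against a token returned by the token endpoint shows exactly which requested claims the server dropped.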