lepture / authlib

The ultimate Python library in building OAuth, OpenID Connect clients and servers. JWS,JWE,JWK,JWA,JWT included.
https://authlib.org/
BSD 3-Clause "New" or "Revised" License

Documentation: Missing OIDC client documentation on custom claims #621

Open schicho opened 6 months ago

schicho commented 6 months ago

Problem

The documentation with examples on the website is excellent, yet I cannot find any details how to retrieve custom claims. I think this may just have been forgotten? Or one is supposed to know intuitively?

I followed the example for the Flask OIDC client and can get all the standard claims.

from flask import Blueprint, redirect, session
from authlib.integrations.flask_client import OAuth

oauth = OAuth(app)  # app: the Flask application object
bp = Blueprint("auth", __name__)

oauth.register(
    "organization",
    server_metadata_url="[...]",  # the provider's .well-known/openid-configuration URL
    client_kwargs={"scope": "openid email profile"},
)

@bp.route("/auth")
def auth():
    # Exchanges the authorization code; Authlib validates the ID Token and
    # exposes its claims as token["userinfo"]
    token = oauth.organization.authorize_access_token()
    session["user"] = token["userinfo"]
    return redirect("/")  # a Flask view must return a response

However, there is no documentation for custom claims, as shown below.

Proposed solution

Given a well known config with

"claims_supported": [
    "address",
    "birthdate",
    "client_id",
    "cn",
    "company",
    "department",
    ...
]

add example code to the documentation on how to retrieve the custom claim for `department`, for instance.

I have looked around the issues here, looked on Stack Overflow, nada. I can make a contribution and extend the examples, when someone can help me with this.
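One way to read a custom claim such as `department` from the token returned above, as an added example that is neither the reporter's nor Authlib's own code: the verified ID Token claims are already in `token["userinfo"]`, and a claim the provider only returns from the UserInfo endpoint must be fetched separately (in the Flask app that would be `oauth.organization.userinfo(token=token)`, passed in here as a callable so the example runs offline) and its `sub` compared with the ID Token's `sub` before anything in it is trusted.

```python
"""Retrieve a custom OIDC claim from the result of authorize_access_token()."""
from typing import Callable, Mapping, Optional


class ClaimError(Exception):
    """Raised when the UserInfo response does not belong to the logged-in subject."""


def get_custom_claim(token: Mapping, name: str,
                     fetch_userinfo: Optional[Callable[[], Mapping]] = None):
    """Return claim `name` for the current user, or None if the provider did not issue it.

    1. token["userinfo"] holds the claims of the signature-verified ID Token, so a
       custom claim the provider embeds there is available with no extra request.
    2. Otherwise call the UserInfo endpoint and only accept the response if its
       `sub` equals the ID Token's `sub` (OIDC Core 5.3.2); a mismatch means the
       data is about somebody else and must not be attached to this session.
    """
    id_claims = token.get("userinfo") or {}
    if name in id_claims:
        return id_claims[name]
    if fetch_userinfo is None:
        return None
    info = fetch_userinfo()
    if "sub" not in id_claims or info.get("sub") != id_claims["sub"]:
        raise ClaimError("UserInfo 'sub' does not match the ID Token 'sub'")
    return info.get(name)


# Constructed sample data: the shape authorize_access_token() returns once the
# ID Token is verified (real tokens carry more fields), plus a UserInfo reply.
SAMPLE_TOKEN = {
    "access_token": "<opaque access token>",
    "userinfo": {"sub": "u-123", "email": "alice@example.org", "cn": "Alice"},
}
SAMPLE_USERINFO = {"sub": "u-123", "department": "security"}
FOREIGN_USERINFO = {"sub": "u-999", "department": "finance"}


def department_for_sample():
    # "department" is not in the ID Token, so the UserInfo callable is used
    return get_custom_claim(SAMPLE_TOKEN, "department", lambda: SAMPLE_USERINFO)


def foreign_userinfo_is_rejected():
    try:
        get_custom_claim(SAMPLE_TOKEN, "department", lambda: FOREIGN_USERINFO)
    except ClaimError:
        return True
    return False
```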

schicho commented 6 months ago

I am aware of issues referencing custom claims, yet no examples with OIDC get me there.

The closest is https://github.com/lepture/authlib/issues/549, but that does not help me either