From 7c0754000c55a8c020546a009bae93147b76fa3c Mon Sep 17 00:00:00 2001
From: Jens Langhammer
Date: Thu, 29 Sep 2022 10:27:46 +0200
Subject: [PATCH] providers/oauth2: add all hardcoded claims to claims_supported list
closes #3702
Signed-off-by: Jens Langhammer
---
 authentik/providers/oauth2/views/provider.py | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/authentik/providers/oauth2/views/provider.py b/authentik/providers/oauth2/views/provider.py
index f1356c3b5..bd2811541 100644
--- a/authentik/providers/oauth2/views/provider.py
+++ b/authentik/providers/oauth2/views/provider.py
@@ -93,8 +93,17 @@ class ProviderInfoView(View):
 "scopes_supported": scopes,
 # https://openid.net/specs/openid-connect-core-1_0.html#RequestObject
 "request_parameter_supported": False,
- # Because claims are dynamic and per-application, the only fixed Claim is "sub"
- "claims_supported": ["sub"],
+ # Because claims are dynamic and per-application, the only claims listed here
+ # are ones that are always set by authentik itself on every token
+ "claims_supported": [
+ "sub",
+ "iss",
+ "aud",
+ "exp",
+ "iat",
+ "auth_time",
+ "acr",
+ ],
 "claims_parameter_supported": False,
 }
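Review bot: The new `claims_supported` list is a second, hand-maintained copy of the claims the token-building code emits, and nothing visible in this hunk keeps the two in step, so the discovery document can drift from what is actually issued. Relying parties may read this metadata to decide whether `acr` and `auth_time` are available for authentication-strength or session-age checks, so it is worth confirming (the token code is outside this hunk) that both are populated on every ID token and not only on some flows. The comment says "every token", while `auth_time` and `acr` are ID Token claims in OpenID Connect; I would word it as `# claims authentik itself sets on every ID token; keep in sync with the ID token builder`. A unit test that issues an ID token and asserts each entry of this list is present would catch drift. The enclosing method of ProviderInfoView starts and ends outside the hunk.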