providers/oauth2: add all hardcoded claims to claims_supported list

closes #3702 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-29 10:27:46 +02:00 · 2022-09-29 10:27:46 +02:00 · 7c0754000c
parent c0270cc3b3
commit 7c0754000c
1 changed files with 11 additions and 2 deletions
--- a/authentik/providers/oauth2/views/provider.py
+++ b/authentik/providers/oauth2/views/provider.py
@ -93,8 +93,17 @@ class ProviderInfoView(View):
            "scopes_supported": scopes,
            # https://openid.net/specs/openid-connect-core-1_0.html#RequestObject
            "request_parameter_supported": False,
-            # Because claims are dynamic and per-application, the only fixed Claim is "sub"
-            "claims_supported": ["sub"],
+            # Because claims are dynamic and per-application, the only claims listed here
+            # are ones that are always set by authentik itself on every token
+            "claims_supported": [
+                "sub",
+                "iss",
+                "aud",
+                "exp",
+                "iat",
+                "auth_time",
+                "acr",
+            ],
            "claims_parameter_supported": False,
        }