From b2a658d0914f15f9aaece32d1fc916aed81f7d12 Mon Sep 17 00:00:00 2001
From: Jens Langhammer
Date: Fri, 7 Oct 2022 17:07:33 +0300
Subject: [PATCH] providers/oauth2: remove c_hash and nonce claim if they're not set

Signed-off-by: Jens Langhammer
---
 authentik/providers/oauth2/models.py | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/authentik/providers/oauth2/models.py b/authentik/providers/oauth2/models.py
index b0a1c6268..c4f685534 100644
--- a/authentik/providers/oauth2/models.py
+++ b/authentik/providers/oauth2/models.py
@@ -391,7 +391,6 @@ class IDToken:
 acr: Optional[str] = ACR_AUTHENTIK_DEFAULT c_hash: Optional[str] = None - nonce: Optional[str] = None at_hash: Optional[str] = None
@@ -400,9 +399,14 @@ class IDToken:
 def to_dict(self) -> dict[str, Any]:
 """Convert dataclass to dict, and update with keys from `claims`"""
 id_dict = asdict(self)
- # at_hash should be omitted when not set instead of retuning a null claim
+ # The following claims should be omitted if they aren't set instead of being
+ # set to null
 if not self.at_hash:
 id_dict.pop("at_hash")
+ if not self.nonce:
+ id_dict.pop("nonce")
+ if not self.c_hash:
+ id_dict.pop("c_hash")
 id_dict.pop("claims")
 id_dict.update(self.claims)
 return id_dict
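Review bot: In `to_dict`, `id_dict.update(self.claims)` still runs after the three removals, so a `nonce`, `c_hash` or `at_hash` key inside `claims` would put the claim back (possibly as null) or replace a value that was set. These claims bind the ID token to the authorization request, the issued code and the access token, so the intended precedence should be stated; where `claims` is populated is not visible in this patch, so this may already be prevented upstream. If overriding is intended, a comment above the update such as `# keys in claims take precedence over the dataclass fields, including nonce/c_hash/at_hash` would document it; otherwise the merge could skip those reserved names. The new checks also rely on truthiness, so an empty-string value is dropped the same way as `None`, and since the patch touches only models.py, a test asserting that `to_dict()` carries no `nonce` or `c_hash` key when they are unset would pin the behaviour.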