providers/oauth2: remove c_hash and nonce claim if they're not set

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2022-10-07 17:07:33 +03:00
parent f9e0e89cd6
commit b2a658d091

View file

@ -391,7 +391,6 @@ class IDToken:
acr: Optional[str] = ACR_AUTHENTIK_DEFAULT acr: Optional[str] = ACR_AUTHENTIK_DEFAULT
c_hash: Optional[str] = None c_hash: Optional[str] = None
nonce: Optional[str] = None nonce: Optional[str] = None
at_hash: Optional[str] = None at_hash: Optional[str] = None
@ -400,9 +399,14 @@ class IDToken:
def to_dict(self) -> dict[str, Any]: def to_dict(self) -> dict[str, Any]:
"""Convert dataclass to dict, and update with keys from `claims`""" """Convert dataclass to dict, and update with keys from `claims`"""
id_dict = asdict(self) id_dict = asdict(self)
# at_hash should be omitted when not set instead of retuning a null claim # The following claims should be omitted if they aren't set instead of being
# set to null
if not self.at_hash: if not self.at_hash:
id_dict.pop("at_hash") id_dict.pop("at_hash")
if not self.nonce:
id_dict.pop("nonce")
if not self.c_hash:
id_dict.pop("c_hash")
id_dict.pop("claims") id_dict.pop("claims")
id_dict.update(self.claims) id_dict.update(self.claims)
return id_dict return id_dict