0001-auth_oidc-check-required-claims-only-from-the-idtoke.patch
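--- a/src/authentic2_auth_oidc/backends.py
+++ b/src/authentic2_auth_oidc/backends.py
@@ -207,20 +207,22 @@
 if claim_mapping.required:
 if '{{' in claim or '{%' in claim:
 logger.warning('claim \'%r\' is templated, it cannot be set as required')
-elif claim_mapping.idtoken_claim and claim not in id_token:
-logger.warning(
-'auth_oidc: cannot create user missing required claim %r in id_token (%r)',
-claim,
-id_token,
-)
-return None
-elif not user_info or claim not in user_info:
-logger.warning(
-'auth_oidc: cannot create user missing required claim %r in user_info (%r)',
-claim,
-user_info,
-)
-return None
+elif claim_mapping.idtoken_claim:
+if claim not in id_token:
+logger.warning(
+'auth_oidc: cannot create user missing required claim %r in id_token (%r)',
+claim,
+id_token,
+)
+return None
+else: # claim from the user_info endpoint
+if not user_info or claim not in user_info:
+logger.warning(
+'auth_oidc: cannot create user missing required claim %r in user_info (%r)',
+claim,
+user_info,
+)
+return None
 
 # find en email in mappings
 email = None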
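Review bot: Both warning calls in the new branches pass the whole `id_token` and `user_info` objects as `%r` arguments, so every rejected login writes the user's claims (and possibly token material, depending on how `id_token` renders) into the warning log. Logging only the missing claim name, `'auth_oidc: cannot create user missing required claim %r in id_token', claim`, and moving the payload to `logger.debug` would keep the diagnostic without the personal data. Separately, the templated-claim warning in the context lines has a `%r` placeholder but no argument, so it never names the claim; `logger.warning('claim %r is templated, it cannot be set as required', claim)` fixes that. The enclosing function begins and ends outside this hunk.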
227 |
- |