0001-auth_oidc-check-required-claims-only-from-the-idtoke.patch
| src/authentic2_auth_oidc/backends.py | ||
|---|---|---|
| 207 | 207 |
if claim_mapping.required: |
| 208 | 208 |
if '{{' in claim or '{%' in claim:
|
| 209 | 209 |
logger.warning('claim \'%r\' is templated, it cannot be set as required')
|
| 210 |
elif claim_mapping.idtoken_claim and claim not in id_token: |
|
| 211 |
logger.warning( |
|
| 212 |
'auth_oidc: cannot create user missing required claim %r in id_token (%r)', |
|
| 213 |
claim, |
|
| 214 |
id_token, |
|
| 215 |
) |
|
| 216 |
return None |
|
| 217 |
elif not user_info or claim not in user_info: |
|
| 218 |
logger.warning( |
|
| 219 |
'auth_oidc: cannot create user missing required claim %r in user_info (%r)', |
|
| 220 |
claim, |
|
| 221 |
user_info, |
|
| 222 |
) |
|
| 223 |
return None |
|
| 210 |
elif claim_mapping.idtoken_claim: |
|
| 211 |
if claim not in id_token: |
|
| 212 |
logger.warning( |
|
| 213 |
'auth_oidc: cannot create user missing required claim %r in id_token (%r)', |
|
| 214 |
claim, |
|
| 215 |
id_token, |
|
| 216 |
) |
|
| 217 |
return None |
|
| 218 |
else: # claim from the user_info endpoint |
|
| 219 |
if not user_info or claim not in user_info: |
|
| 220 |
logger.warning( |
|
| 221 |
'auth_oidc: cannot create user missing required claim %r in user_info (%r)', |
|
| 222 |
claim, |
|
| 223 |
user_info, |
|
| 224 |
) |
|
| 225 |
return None |
|
| 224 | 226 | |
| 225 | 227 |
# find en email in mappings |
| 226 | 228 |
email = None |
| 227 |
- |
|