For some reason, the oidc_user_claims filter is not working as expected. To include this information in the token being sent, you will need to edit the IdToken.php file located in the vendor directory (src/OAuth2/OpenID/ResponseType/IdToken.php or /wp-content/plugins/openid-connect-server/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/ResponseType/IdToken.php). In the createIdToken function, add the following code:
```php
$user = get_user_by('login', $user_id);
if ( $user ) {
    $token['email'] = ! empty( $user->user_email ) ? $user->user_email : '';
    $token['given_name'] = ! empty( $user->first_name ) ? $user->first_name : '';
    $token['family_name'] = ! empty( $user->last_name ) ? $user->last_name : '';
    $token['name'] = $user->display_name; // Full display name
    $token['role'] = implode( ', ', $user->roles );
}
```
Under `if ($userClaims) { $token += $userClaims; }`, making the function look like below:
```php
/**
 * Create id token
 *
 * @param string $client_id
 * @param mixed $userInfo
 * @param mixed $nonce
 * @param mixed $userClaims
 * @param mixed $access_token
 * @return mixed|string
 */
public function createIdToken($client_id, $userInfo, $nonce = null, $userClaims = null, $access_token = null)
{
    // pull auth_time from user info if supplied
    list($user_id, $auth_time) = $this->getUserIdAndAuthTime($userInfo);
    $token = array(
        'iss' => $this->config['issuer'],
        'sub' => $user_id,
        'aud' => $client_id,
        'iat' => time(),
        'exp' => time() + $this->config['id_lifetime'],
        'auth_time' => $auth_time,
    );
    if ($nonce) {
        $token['nonce'] = $nonce;
    }
    if ($userClaims) {
        $token += $userClaims;
    }
    $user = get_user_by('login', $user_id);
    if ( $user ) {
        $token['email'] = ! empty( $user->user_email ) ? $user->user_email : '';
        $token['given_name'] = ! empty( $user->first_name ) ? $user->first_name : '';
        $token['family_name'] = ! empty( $user->last_name ) ? $user->last_name : '';
        $token['name'] = $user->display_name; // Full display name
        $token['role'] = implode( ', ', $user->roles );
    }
    if ($access_token) {
        $token['at_hash'] = $this->createAtHash($access_token, $client_id);
    }
    return $this->encodeToken($token, $client_id);
}
```
This has also been submitted to the vendor: bshaffer/oauth2-server-php#1084
I'd really appreciate it if you could credit my contribution and include an acknowledgment of my input in the final implementation. Thanks so much!
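
The patch above writes `email`, the name claims and `role` into every ID token, whatever scopes the client was granted. The following is an added example, not code from the post, the plugin or oauth2-server-php: it goes one step further and releases each claim only when its scope was granted, using the scope-to-claim grouping from OpenID Connect Core 1.0 section 5.4. The function name `build_scoped_claims`, the `roles` scope and the sample user record are assumptions made for the example.

```php
<?php
// Added example; build_scoped_claims() and the sample data are hypothetical.

/**
 * Return only the claims that the granted scopes allow.
 *
 * @param array $user   Constructed user record (stands in for a WP_User).
 * @param array $scopes Scopes granted for this authorization.
 * @return array Claims that may be merged into the ID token.
 */
function build_scoped_claims(array $user, array $scopes): array
{
    // OIDC Core 5.4 mapping, limited to the claims used in the post.
    // "roles" is a custom scope assumed here; it is not a standard OIDC scope.
    $map = [
        'profile' => ['name', 'given_name', 'family_name'],
        'email'   => ['email'],
        'roles'   => ['role'],
    ];

    $claims = [];
    foreach ($map as $scope => $names) {
        if (!in_array($scope, $scopes, true)) {
            continue; // scope not granted: release none of its claims
        }
        foreach ($names as $name) {
            // Omit empty values instead of sending empty strings.
            if (isset($user[$name]) && $user[$name] !== '' && $user[$name] !== []) {
                $claims[$name] = $user[$name];
            }
        }
    }
    return $claims;
}

// Constructed sample input.
$user = [
    'email'       => 'jane@example.test',
    'given_name'  => 'Jane',
    'family_name' => 'Doe',
    'name'        => 'Jane Doe',
    'role'        => ['editor'],
];

// Client was granted "openid profile" only, so email and role are withheld.
var_export(build_scoped_claims($user, ['openid', 'profile']));
```

Merging the result with `$token += $claims`, the same array-union operator `createIdToken` uses for `$userClaims`, keeps `iss`, `sub`, `aud` and the other protocol claims from being overwritten, because `+=` never replaces a key that is already set.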