Made scopes to claims mapping endpoint independent.

Author: rohe

src/oidcendpoint/id_token.py

@@ -258,8 +258,7 @@ def make(self, req, sess_info, authn_req=None, user_claims=False, **kwargs):
         )
 
         if user_claims:
-            info = collect_user_info(_context, sess_info,
-                                     scope_to_claims=self.scope_to_claims)
+            info = collect_user_info(_context, sess_info)
             if userinfo is None:
                 userinfo = info
             else:

src/oidcendpoint/oidc/add_on/custom_scopes.py

@@ -6,11 +6,15 @@
 
 
 def add_custom_scopes(endpoint, **kwargs):
-    userinfo_endpoint = endpoint['userinfo']
+    """
+    :param endpoint: A dictionary with endpoint instances as values
+    """
+    # Just need an endpoint, anyone will do
+    _endpoint = list(endpoint.values())[0]
 
     _scopes = SCOPE2CLAIMS.copy()
     _scopes.update(kwargs)
 
-    userinfo_endpoint.scope_to_claims = _scopes
-    userinfo_endpoint.endpoint_context.idtoken.scope_to_claims = _scopes
-    userinfo_endpoint.endpoint_context.scope2claims = _scopes
+    _endpoint.scope_to_claims = _scopes
+    _endpoint.endpoint_context.idtoken.scope_to_claims = _scopes
+    _endpoint.endpoint_context.scope2claims = _scopes

src/oidcendpoint/oidc/authorization.py

@@ -320,6 +320,7 @@ def proposed_user(request):
         return request[cn].get("sub", "")
     return ""
 
+
 class Authorization(Endpoint):
     request_cls = oidc.AuthorizationRequest
     response_cls = oidc.AuthorizationResponse

src/oidcendpoint/oidc/userinfo.py

@@ -117,8 +117,7 @@ def process_request(self, request=None, **kwargs):
 
         if allowed:
             # Scope can translate to userinfo_claims
-            info = collect_user_info(self.endpoint_context, session,
-                                     scope_to_claims=self.scope_to_claims)
+            info = collect_user_info(self.endpoint_context, session)
         else:
             info = {
                 "error": "invalid_request",

src/oidcendpoint/userinfo.py

@@ -114,6 +114,8 @@ def collect_user_info(endpoint_context, session, userinfo_claims=None,
     :return: User info
     """
     authn_req = session["authn_req"]
+    if scope_to_claims is None:
+        scope_to_claims = endpoint_context.scope2claims
 
     if userinfo_claims is None:
         uic = scope2claims(authn_req["scope"], map=scope_to_claims)
@@ -156,8 +158,7 @@ def collect_user_info(endpoint_context, session, userinfo_claims=None,
     return info
 
 
-def userinfo_in_id_token_claims(endpoint_context, session, def_itc=None,
-                                scope_to_claims=None):
+def userinfo_in_id_token_claims(endpoint_context, session, def_itc=None):
     """
     Collect user info claims that are to be placed in the id token.
 
@@ -179,7 +180,6 @@ def userinfo_in_id_token_claims(endpoint_context, session, def_itc=None,
     _claims = by_schema(endpoint_context.id_token_schema, **itc)
 
     if _claims:
-        return collect_user_info(endpoint_context, session, _claims,
-                                 scope_to_claims=scope_to_claims)
+        return collect_user_info(endpoint_context, session, _claims)
     else:
         return None

tests/test_02_client_authn.py

@@ -20,8 +20,6 @@
 from oidcendpoint.endpoint_context import EndpointContext
 from oidcendpoint.exception import NotForMe
 from oidcendpoint.oidc.token import AccessToken
-from oidcendpoint.session import SessionInfo
-from oidcmsg.oidc import AuthorizationRequest
 
 KEYDEFS = [
     {"type": "RSA", "key": "", "use": ["sig"]},