
Commit 417d234

committed
fix(client): add claims_cls parameter for parse_id_token, #725
1 parent 4eafdc2 commit 417d234


6 files changed

+44
-19
lines changed


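--- a/.gitignore
+++ b/.gitignore
@@ -19,3 +19,4 @@ venv/
 .pytest_cache/
 *.egg
 .idea/
+uv.lock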

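--- a/authlib/integrations/base_client/async_openid.py
+++ b/authlib/integrations/base_client/async_openid.py
@@ -34,17 +34,18 @@ async def userinfo(self, **kwargs):
 data = resp.json()
 return UserInfo(data)
 
-async def parse_id_token(self, token, nonce, claims_options=None):
+async def parse_id_token(self, token, nonce, claims_options=None, claims_cls=None, leeway=120):
 """Return an instance of UserInfo from token's ``id_token``."""
 claims_params = dict(
 nonce=nonce,
 client_id=self.client_id,
 )
-if "access_token" in token:
-claims_params["access_token"] = token["access_token"]
-claims_cls = CodeIDToken
-else:
-claims_cls = ImplicitIDToken
+if claims_cls is None:
+if "access_token" in token:
+claims_params["access_token"] = token["access_token"]
+claims_cls = CodeIDToken
+else:
+claims_cls = ImplicitIDToken
 
 metadata = await self.load_server_metadata()
 if claims_options is None and "issuer" in metadata:
@@ -78,5 +79,5 @@ async def parse_id_token(self, token, nonce, claims_options=None):
 # https://github.com/lepture/authlib/issues/259
 if claims.get("nonce_supported") is False:
 claims.params["nonce"] = None
-claims.validate(leeway=120)
+claims.validate(leeway=leeway)
 return UserInfo(claims)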
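Review bot: A caller-supplied `claims_cls` never receives the access token, because the `claims_params["access_token"] = token["access_token"]` assignment now sits inside the `if claims_cls is None:` branch of the first hunk. If the custom class derives from `CodeIDToken` and, presumably like the built-in class, uses that parameter to verify the token's `at_hash` binding, that check would be skipped without any error. I would keep the assignment under its own `if "access_token" in token:` ahead of the branch and leave only the class choice inside it, e.g. `claims_cls = CodeIDToken if "access_token" in token else ImplicitIDToken`. The same nesting appears in the second hunk of `sync_openid.py`; `parse_id_token` continues outside the hunks in both files.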

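--- a/authlib/integrations/base_client/sync_openid.py
+++ b/authlib/integrations/base_client/sync_openid.py
@@ -33,7 +33,7 @@ def userinfo(self, **kwargs):
 data = resp.json()
 return UserInfo(data)
 
-def parse_id_token(self, token, nonce, claims_options=None, leeway=120):
+def parse_id_token(self, token, nonce, claims_options=None, claims_cls=None, leeway=120):
 """Return an instance of UserInfo from token's ``id_token``."""
 if "id_token" not in token:
 return None
@@ -44,11 +44,13 @@ def parse_id_token(self, token, nonce, claims_options=None, leeway=120):
 nonce=nonce,
 client_id=self.client_id,
 )
-if "access_token" in token:
-claims_params["access_token"] = token["access_token"]
-claims_cls = CodeIDToken
-else:
-claims_cls = ImplicitIDToken
+
+if claims_cls is None:
+if "access_token" in token:
+claims_params["access_token"] = token["access_token"]
+claims_cls = CodeIDToken
+else:
+claims_cls = ImplicitIDToken
 
 metadata = self.load_server_metadata()
 if claims_options is None and "issuer" in metadata: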
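Review bot: The one-line docstring of `parse_id_token` does not describe the two parameters that now steer validation, `claims_cls` and `leeway`; the async variant in `async_openid.py` has the same gap. I would extend it to state that `claims_cls` replaces the default choice between `CodeIDToken` and `ImplicitIDToken`, so a class that does not inherit their validators weakens the ID-token checks. It should also say that `leeway` is the tolerance handed to `claims.validate()` for time-based claims (presumably in seconds, as the async hunk's `claims.validate(leeway=leeway)` suggests). The function body continues outside both hunks.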

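--- a/authlib/integrations/django_client/apps.py
+++ b/authlib/integrations/django_client/apps.py
@@ -78,15 +78,22 @@ def authorize_access_token(self, request, **kwargs):
 "state": request.POST.get("state"),
 }
 
-claims_options = kwargs.pop("claims_options", None)
 state_data = self.framework.get_state_data(request.session, params.get("state"))
 self.framework.clear_state_data(request.session, params.get("state"))
 params = self._format_state_params(state_data, params)
+
+claims_options = kwargs.pop("claims_options", None)
+claims_cls = kwargs.pop("claims_cls", None)
+leeway = kwargs.pop("leeway", 120)
 token = self.fetch_access_token(**params, **kwargs)
 
 if "id_token" in token and "nonce" in state_data:
 userinfo = self.parse_id_token(
-token, nonce=state_data["nonce"], claims_options=claims_options
+token,
+nonce=state_data["nonce"],
+claims_options=claims_options,
+claims_cls=claims_cls,
+leeway=leeway,
 )
 token["userinfo"] = userinfo
 return token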
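Review bot: The default in `leeway = kwargs.pop("leeway", 120)` duplicates the one already declared on `parse_id_token(..., leeway=120)`, and the same literal is repeated in the flask and starlette `authorize_access_token` hunks. If the library default changes in one place only, the framework wrappers would validate time-based claims with a different tolerance than a direct `parse_id_token` call. A single module-level constant shared by the signature and the three `pop` calls would keep them aligned. A short comment such as `# popped so they are not forwarded to fetch_access_token()` above the three `pop` lines would also record why they precede the token request; the function starts outside the hunk.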

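--- a/authlib/integrations/flask_client/apps.py
+++ b/authlib/integrations/flask_client/apps.py
@@ -100,16 +100,23 @@ def authorize_access_token(self, **kwargs):
 "state": request.form.get("state"),
 }
 
-claims_options = kwargs.pop("claims_options", None)
 state_data = self.framework.get_state_data(session, params.get("state"))
 self.framework.clear_state_data(session, params.get("state"))
 params = self._format_state_params(state_data, params)
+
+claims_options = kwargs.pop("claims_options", None)
+claims_cls = kwargs.pop("claims_cls", None)
+leeway = kwargs.pop("leeway", 120)
 token = self.fetch_access_token(**params, **kwargs)
 self.token = token
 
 if "id_token" in token and "nonce" in state_data:
 userinfo = self.parse_id_token(
-token, nonce=state_data["nonce"], claims_options=claims_options
+token,
+nonce=state_data["nonce"],
+claims_options=claims_options,
+claims_cls=claims_cls,
+leeway=leeway,
 )
 token["userinfo"] = userinfo
 return token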

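--- a/authlib/integrations/starlette_client/apps.py
+++ b/authlib/integrations/starlette_client/apps.py
@@ -78,15 +78,22 @@ async def authorize_access_token(self, request, **kwargs):
 else:
 session = request.session
 
-claims_options = kwargs.pop("claims_options", None)
 state_data = await self.framework.get_state_data(session, params.get("state"))
 await self.framework.clear_state_data(session, params.get("state"))
 params = self._format_state_params(state_data, params)
+
+claims_options = kwargs.pop("claims_options", None)
+claims_cls = kwargs.pop("claims_cls", None)
+leeway = kwargs.pop("leeway", 120)
 token = await self.fetch_access_token(**params, **kwargs)
 
 if "id_token" in token and "nonce" in state_data:
 userinfo = await self.parse_id_token(
-token, nonce=state_data["nonce"], claims_options=claims_options
+token,
+nonce=state_data["nonce"],
+claims_options=claims_options,
+claims_cls=claims_cls,
+leeway=leeway,
 )
 token["userinfo"] = userinfo
 return token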
