identity/oidc: adds claims_supported to discovery document (#16992)

* identity/oidc: adds claims_supported to discovery document * adds changelog
hashicorp · Sep 2, 2022 · f7a50f3 · f7a50f3
1 parent 3d5ed41
commit f7a50f3
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 0 deletions.
diff --git a/changelog/16992.txt b/changelog/16992.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+identity/oidc: Adds `claims_supported` to discovery document.
+```
diff --git a/vault/identity_store_oidc_provider.go b/vault/identity_store_oidc_provider.go
@@ -159,6 +159,7 @@ type providerDiscovery struct {
 	IDTokenAlgs           []string `json:"id_token_signing_alg_values_supported"`
 	ResponseTypes         []string `json:"response_types_supported"`
 	Scopes                []string `json:"scopes_supported"`
+	Claims                []string `json:"claims_supported"`
 	Subjects              []string `json:"subject_types_supported"`
 	GrantTypes            []string `json:"grant_types_supported"`
 	AuthMethods           []string `json:"token_endpoint_auth_methods_supported"`
@@ -1478,6 +1479,7 @@ func (i *IdentityStore) pathOIDCProviderDiscovery(ctx context.Context, req *logi
 		UserinfoEndpoint:      p.effectiveIssuer + "/userinfo",
 		IDTokenAlgs:           supportedAlgs,
 		Scopes:                scopes,
+		Claims:                []string{},
 		RequestParameter:      false,
 		RequestURIParameter:   false,
 		ResponseTypes:         []string{"code"},

diff --git a/vault/identity_store_oidc_provider_test.go b/vault/identity_store_oidc_provider_test.go
@@ -3623,6 +3623,7 @@ func TestOIDC_Path_OpenIDProviderConfig(t *testing.T) {
 		Keys:                  basePath + "/.well-known/keys",
 		ResponseTypes:         []string{"code"},
 		Scopes:                []string{"test-scope-1", "openid"},
+		Claims:                []string{},
 		Subjects:              []string{"public"},
 		IDTokenAlgs:           supportedAlgs,
 		AuthorizationEndpoint: "/ui/vault/identity/oidc/provider/test-provider/authorize",
@@ -3678,6 +3679,7 @@ func TestOIDC_Path_OpenIDProviderConfig(t *testing.T) {
 		Keys:                  basePath + "/.well-known/keys",
 		ResponseTypes:         []string{"code"},
 		Scopes:                []string{"test-scope-2", "openid"},
+		Claims:                []string{},
 		Subjects:              []string{"public"},
 		IDTokenAlgs:           supportedAlgs,
 		AuthorizationEndpoint: testIssuer + "/ui/vault/identity/oidc/provider/test-provider/authorize",