From f7a50f3d26e60d9b71b9f71efae5440af4a830e5 Mon Sep 17 00:00:00 2001
From: Austin Gebauer <34121980+austingebauer@users.noreply.github.com>
Date: Fri, 2 Sep 2022 09:19:25 -0700
Subject: [PATCH] identity/oidc: adds claims_supported to discovery document (#16992)

* identity/oidc: adds claims_supported to discovery document

* adds changelog
---
 changelog/16992.txt | 3 +++
 vault/identity_store_oidc_provider.go | 2 ++
 vault/identity_store_oidc_provider_test.go | 2 ++
 3 files changed, 7 insertions(+)
 create mode 100644 changelog/16992.txt

diff --git a/changelog/16992.txt b/changelog/16992.txt
new file mode 100644
index 000000000000..178bb4c8938b
--- /dev/null
+++ b/changelog/16992.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+identity/oidc: Adds `claims_supported` to discovery document.
+```
diff --git a/vault/identity_store_oidc_provider.go b/vault/identity_store_oidc_provider.go
index a8320c29c262..8de2376f5034 100644
--- a/vault/identity_store_oidc_provider.go
+++ b/vault/identity_store_oidc_provider.go
@@ -159,6 +159,7 @@ type providerDiscovery struct {
 IDTokenAlgs []string `json:"id_token_signing_alg_values_supported"`
 ResponseTypes []string `json:"response_types_supported"`
 Scopes []string `json:"scopes_supported"`
+ Claims []string `json:"claims_supported"`
 Subjects []string `json:"subject_types_supported"`
 GrantTypes []string `json:"grant_types_supported"`
 AuthMethods []string `json:"token_endpoint_auth_methods_supported"`
@@ -1478,6 +1479,7 @@ func (i *IdentityStore) pathOIDCProviderDiscovery(ctx context.Context, req *logi
 UserinfoEndpoint: p.effectiveIssuer + "/userinfo",
 IDTokenAlgs: supportedAlgs,
 Scopes: scopes,
+ Claims: []string{},
 RequestParameter: false,
 RequestURIParameter: false,
 ResponseTypes: []string{"code"},
diff --git a/vault/identity_store_oidc_provider_test.go b/vault/identity_store_oidc_provider_test.go
index 8fd89c075e57..a0f3e06e133a 100644
--- a/vault/identity_store_oidc_provider_test.go
+++ b/vault/identity_store_oidc_provider_test.go
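Review bot: The new `Claims` field in providerDiscovery has no doc comment and its tag has no `omitempty`, so a nil slice here would be emitted as `"claims_supported": null` while an empty slice is emitted as `[]`; the handler hunk below relies on that distinction by initializing the field with `[]string{}`, but nothing at the declaration says so. I would add above the field: `// Claims is the OIDC Discovery claims_supported metadata: the claim names the provider may return. Keep it non-nil so it encodes as [] rather than null.` The providerDiscovery struct starts and ends outside this hunk.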
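Review bot: `Claims: []string{}` in pathOIDCProviderDiscovery publishes a `claims_supported` array that advertises no claims at all, which is a misleading value for relying parties that consult this metadata; the provider presumably issues at least the standard ID token claims (`iss`, `sub`, `aud`, `exp`, `iat`) and the claims produced by scope templates, but that cannot be confirmed from this hunk. If the empty list is a deliberate placeholder until the real set can be computed, say so in a trailing comment, for example `Claims: []string{}, // TODO: populate with the claim names the provider actually emits`; otherwise populate it from the token builder's fixed claim set plus the template-derived claim names. The enclosing function starts and ends outside the hunk, and the same empty value is pinned by the two hunks in identity_store_oidc_provider_test.go.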
@@ -3623,6 +3623,7 @@ func TestOIDC_Path_OpenIDProviderConfig(t *testing.T) {
 Keys: basePath + "/.well-known/keys",
 ResponseTypes: []string{"code"},
 Scopes: []string{"test-scope-1", "openid"},
+ Claims: []string{},
 Subjects: []string{"public"},
 IDTokenAlgs: supportedAlgs,
 AuthorizationEndpoint: "/ui/vault/identity/oidc/provider/test-provider/authorize",
@@ -3678,6 +3679,7 @@ func TestOIDC_Path_OpenIDProviderConfig(t *testing.T) {
 Keys: basePath + "/.well-known/keys",
 ResponseTypes: []string{"code"},
 Scopes: []string{"test-scope-2", "openid"},
+ Claims: []string{},
 Subjects: []string{"public"},
 IDTokenAlgs: supportedAlgs,
 AuthorizationEndpoint: testIssuer + "/ui/vault/identity/oidc/provider/test-provider/authorize",
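Review bot: Both hunks in TestOIDC_Path_OpenIDProviderConfig pin `Claims: []string{}`, so the test only checks that the new field exists, not that `claims_supported` carries anything useful; it will pass unchanged even if the handler never advertises a claim. Whether the comparison is against the decoded JSON response or a struct value is not visible here; if it is the former it does at least distinguish `[]` from `null`, which is worth keeping. I would mark the expectation so it is revisited when the handler is filled in, for example `Claims: []string{}, // update once the discovery handler lists real claims`, applied in both hunks. The enclosing test function starts and ends outside the hunk.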