authorTomáš Pazderka <tomas.pazderka@nic.cz>2022-05-04 09:17:02 +0200
committerTomáš Pazderka <tomas.pazderka@nic.cz>2022-05-04 09:17:02 +0200
commit1e7ed6ff6e492f9422cac2bda89cdda0fa0260bb (patch)
treef9269903153b599229c7eb5d9992bca813d5e1cc
parent55a6cd1c8787647800108cc55403462b2ca9b24c (diff)
parent3d97d5a1e006c505e845c8c54fcef547b4f9b145 (diff)
Merge branch 'infohash-feature/id-token-jwt-in-token-response'
-rw-r--r--src/oic/oic/message.py4
-rw-r--r--tests/test_oic_consumer.py20
2 files changed, 22 insertions, 2 deletions
diff --git a/src/oic/oic/message.py b/src/oic/oic/message.py
index c719488f..d6bda692 100644
--- a/src/oic/oic/message.py
+++ b/src/oic/oic/message.py
@@ -352,6 +352,10 @@ class AccessTokenResponse(message.AccessTokenResponse):
def verify(self, **kwargs):
super().verify(**kwargs)
if "id_token" in self:
+ # The ID token JWT needs to be passed in the access token response
+ # to be usable as id_token_hint for RP-Initiated Logout. Refer to
+ # https://openid.net/specs/openid-connect-rpinitiated-1_0.html#RPLogout
+ self["id_token_jwt"] = self["id_token"]
# replace the JWT with the verified IdToken instance
self["id_token"] = verify_id_token(self, **kwargs)
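Review bot: The raw token is copied into `id_token_jwt` before `verify_id_token` has run, so if verification raises, the message object is left holding an unverified JWT under the key intended for use as `id_token_hint`. Capturing it in a local and assigning only after success avoids that: `raw = self["id_token"]`, then `self["id_token"] = verify_id_token(self, **kwargs)`, then `self["id_token_jwt"] = raw`. The new key also appears in `keys()` (the updated tests confirm this), so it is presumably included wherever the response is serialized or logged; it is worth confirming that no log path dumps the whole message, since the signed ID token carries user claims. `verify` continues past the end of this hunk.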
diff --git a/tests/test_oic_consumer.py b/tests/test_oic_consumer.py
index 0e0d1dd1..40964229 100644
--- a/tests/test_oic_consumer.py
+++ b/tests/test_oic_consumer.py
@@ -518,7 +518,15 @@ class TestOICConsumer:
assert auth is None
assert isinstance(atr, AccessTokenResponse)
assert _eq(
- atr.keys(), ["access_token", "id_token", "token_type", "state", "scope"]
+ atr.keys(),
+ [
+ "access_token",
+ "id_token",
+ "id_token_jwt",
+ "token_type",
+ "state",
+ "scope",
+ ],
)
assert isinstance(idt, IdToken)
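Review bot: Both updated assertions (here and in the hunk at line 588) only check that the `id_token_jwt` key exists, not what it holds, so a regression that stored the verified `IdToken` instance or an empty value there would still pass. Since the value is meant to be sent back as `id_token_hint`, a check such as `assert isinstance(atr["id_token_jwt"], str)` after the key comparison would pin it. Comparing against the token the test provider issued would be stronger, if the fixture exposes it. The enclosing test functions start outside these hunks.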
@@ -580,7 +588,15 @@ class TestOICConsumer:
assert auth is None
assert isinstance(atr, AccessTokenResponse)
assert _eq(
- atr.keys(), ["access_token", "id_token", "token_type", "state", "scope"]
+ atr.keys(),
+ [
+ "access_token",
+ "id_token",
+ "id_token_jwt",
+ "token_type",
+ "state",
+ "scope",
+ ],
)
assert isinstance(idt, IdToken)