-rw-r--r-- | src/oic/oic/message.py | 4 | ||||
-rw-r--r-- | tests/test_oic_consumer.py | 20 |
2 files changed, 22 insertions, 2 deletions
diff --git a/src/oic/oic/message.py b/src/oic/oic/message.py
index c719488f..d6bda692 100644
--- a/src/oic/oic/message.py
+++ b/src/oic/oic/message.py
@@ -352,6 +352,10 @@ class AccessTokenResponse(message.AccessTokenResponse):
 def verify(self, **kwargs):
 super().verify(**kwargs)
 if "id_token" in self:
+ # The ID token JWT needs to be passed in the access token response
+ # to be usable as id_token_hint for RP-Initiated Logout. Refer to
+ # https://openid.net/specs/openid-connect-rpinitiated-1_0.html#RPLogout
+ self["id_token_jwt"] = self["id_token"]
 # replace the JWT with the verified IdToken instance
 self["id_token"] = verify_id_token(self, **kwargs)
diff --git a/tests/test_oic_consumer.py b/tests/test_oic_consumer.py
index 0e0d1dd1..40964229 100644
--- a/tests/test_oic_consumer.py
+++ b/tests/test_oic_consumer.py
@@ -518,7 +518,15 @@ class TestOICConsumer:
 assert auth is None
 assert isinstance(atr, AccessTokenResponse)
 assert _eq(
- atr.keys(), ["access_token", "id_token", "token_type", "state", "scope"]
+ atr.keys(),
+ [
+ "access_token",
+ "id_token",
+ "id_token_jwt",
+ "token_type",
+ "state",
+ "scope",
+ ],
 )
 assert isinstance(idt, IdToken)
@@ -580,7 +588,15 @@ class TestOICConsumer:
 assert auth is None
 assert isinstance(atr, AccessTokenResponse)
 assert _eq(
- atr.keys(), ["access_token", "id_token", "token_type", "state", "scope"]
+ atr.keys(),
+ [
+ "access_token",
+ "id_token",
+ "id_token_jwt",
+ "token_type",
+ "state",
+ "scope",
+ ],
 )
 assert isinstance(idt, IdToken) |
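Review bot: In the message.py hunk the raw token is copied into `id_token_jwt` before `verify_id_token` has run, so if verification raises, the response object is left holding an unverified JWT under the key that logout code is meant to send as `id_token_hint`. Assigning it only after verification succeeds avoids that: `raw_jwt = self["id_token"]`, then `self["id_token"] = verify_id_token(self, **kwargs)`, then `self["id_token_jwt"] = raw_jwt`. The response now also carries the signed token next to the parsed claims, so anything that serializes or logs an AccessTokenResponse will presumably include it; the new comment could say that the value should be treated as sensitive. The rest of verify() lies outside the hunk.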
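Review bot: Both updated assertions in tests/test_oic_consumer.py (the hunk at -518 and the one at -580) check only that the key `id_token_jwt` is present, not what it holds. A regression that stores the parsed IdToken there instead of the compact JWT would still pass. Adding `assert isinstance(atr["id_token_jwt"], str)` next to the existing `isinstance(idt, IdToken)` check would pin the intended type, assuming the raw token is a plain string at that point. The test methods start and end outside the hunks.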