From 2b8fa635dc88529096819c71cfc856dd4e357bb3 Mon Sep 17 00:00:00 2001
From: James Gunn <james@gunn.io>
Date: Tue, 17 Oct 2023 15:23:39 +0100
Subject: [PATCH] Reduce the claims contained in the access token (#742)

---
 .../Controllers/AuthorizationController.cs            | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/dotnet-authserver/src/TeacherIdentity.AuthServer/Controllers/AuthorizationController.cs b/dotnet-authserver/src/TeacherIdentity.AuthServer/Controllers/AuthorizationController.cs
index d2d40023e..000c28337 100644
--- a/dotnet-authserver/src/TeacherIdentity.AuthServer/Controllers/AuthorizationController.cs
+++ b/dotnet-authserver/src/TeacherIdentity.AuthServer/Controllers/AuthorizationController.cs
@@ -446,10 +446,13 @@ public async Task<IActionResult> SignOutPost()
 
     private static IEnumerable<string> GetDestinations(Claim claim, ClaimsPrincipal principal)
     {
-        yield return Destinations.AccessToken;
-
         switch (claim.Type)
         {
+            case Claims.Subject:
+                yield return Destinations.AccessToken;
+                yield return Destinations.IdentityToken;
+                yield break;
+
             case Claims.Name:
             case Claims.GivenName:
             case Claims.MiddleName:
@@ -483,6 +486,10 @@ private static IEnumerable<string> GetDestinations(Claim claim, ClaimsPrincipal
                 yield break;
 
             case CustomClaims.Trn:
+                yield return Destinations.AccessToken;
+                yield return Destinations.IdentityToken;
+                yield break;
+
             case CustomClaims.TrnLookupStatus:
             case CustomClaims.NiNumber:
             case CustomClaims.TrnMatchNiNumber: