diff --git a/oidc_provider/lib/endpoints/introspection.py b/oidc_provider/lib/endpoints/introspection.py
index 8f41de93..9e95730a 100644
--- a/oidc_provider/lib/endpoints/introspection.py
+++ b/oidc_provider/lib/endpoints/introspection.py
@@ -61,7 +61,7 @@ def validate_params(self):
 self.id_token = self.token.id_token
- if settings.get('OIDC_INTROSPECTION_VALIDATE_AUDIENCE_SCOPE'):
+ if settings.get('OIDC_INTROSPECTION_VALIDATE_AUDIENCE_SCOPE') and self.token.user:
 if not self.token.id_token:
 logger.debug('[Introspection] Token not an authentication token: %s', self.params['token'])
@@ -85,6 +85,7 @@ def create_response_dic(self):
 response_dic[k] = self.id_token[k]
 response_dic['active'] = True
 response_dic['client_id'] = self.token.client.client_id
+ response_dic['scope'] = ' '.join(self.token.scope)
 response_dic = run_processing_hook(response_dic, 'OIDC_INTROSPECTION_PROCESSING_HOOK',
diff --git a/oidc_provider/lib/utils/token.py b/oidc_provider/lib/utils/token.py
index 23012231..d3fd3ab2 100644
--- a/oidc_provider/lib/utils/token.py
+++ b/oidc_provider/lib/utils/token.py
@@ -55,11 +55,12 @@ def create_id_token(token, user, aud, nonce='', at_hash='', request=None, scope=
 # Inlude (or not) user standard claims in the id_token.
 if settings.get('OIDC_IDTOKEN_INCLUDE_CLAIMS'):
- standard_claims = StandardScopeClaims(token)
- dic.update(standard_claims.create_response_dic())
 if settings.get('OIDC_EXTRA_SCOPE_CLAIMS'):
 custom_claims = settings.get('OIDC_EXTRA_SCOPE_CLAIMS', import_str=True)(token)
- dic.update(custom_claims.create_response_dic())
+ claims = custom_claims.create_response_dic()
+ else:
+ claims = StandardScopeClaims(token).create_response_dic()
+ dic.update(claims)
 dic = run_processing_hook(
 dic, 'OIDC_IDTOKEN_PROCESSING_HOOK',
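Review bot: The added `and self.token.user` switches off the entire audience/scope validation for any token that has no user, so with OIDC_INTROSPECTION_VALIDATE_AUDIENCE_SCOPE enabled such a token (presumably one issued without a user, e.g. via client credentials) is now reported active without the checks the setting promises. If exempting user-less tokens is the intent, it should be stated on the line, e.g. `# Audience/scope validation only applies to user tokens; a token without a user has no id_token to check.`; if the client-side audience check is still meant to run for them, only the id_token-dependent part should be skipped rather than the whole block. `self.token.user is not None` would also express the condition more precisely than truthiness on a model instance. validate_params continues outside the hunk, so how the skipped case is reported to the caller is not visible here.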
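Review bot: `' '.join(self.token.scope)` assumes `Token.scope` is an iterable of scope strings; if the model stores scope as a single space-separated string, join would put a space between every character, and nothing in the hunk confirms the type. A test pinning the introspection response for a token with two scopes would settle it, and a short comment such as `# RFC 7662 'scope': space-separated list of the scopes granted to this token` would document the expected format. The rest of create_response_dic, including the final return, is outside the hunk.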
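Review bot: The restructured branch now emits only the custom claims whenever OIDC_EXTRA_SCOPE_CLAIMS is set — the standard claims are built in the `else` only — whereas the removed lines merged both dictionaries, so deployments with an extra-claims class lose the standard claims from the id_token. If that narrowing is intended it should be said in the comment above the branch, which still reads as if standard claims are always included; if not, build `claims = StandardScopeClaims(token).create_response_dic()` before the inner `if` and in the extra-claims case use `claims.update(custom_claims.create_response_dic())`, dropping the `else`. That keeps the old precedence in which custom claims override same-named standard ones. create_id_token continues past the end of this hunk, and the hunk's trailing context may be cut off in this view.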