Fixed introspection sub claim. Fix #64

2021-10-03 20:26:47 +02:00 · 2021-10-03 20:26:47 +02:00 · 2b307e275a
commit 2b307e275a
parent a00ba086ad
2 changed files with 4 additions and 3 deletions
--- a/canaille/oauth2utils.py
+++ b/canaille/oauth2utils.py
@ -243,13 +243,14 @@ class IntrospectionEndpoint(_IntrospectionEndpoint):
    def introspect_token(self, token):
        client_id = Client.get(token.oauthClient).oauthClientID
        user = User.get(dn=token.oauthSubject)
        return {
            "active": True,
            "client_id": client_id,
            "token_type": token.oauthTokenType,
-            "username": User.get(dn=token.oauthSubject).name,
+            "username": user.name,
            "scope": token.get_scope(),
-            "sub": token.oauthSubject,
+            "sub": user.uid[0],
            "aud": client_id,
            "iss": authorization.metadata["issuer"],
            "exp": token.get_expires_at(),
--- a/tests/test_token_introspection.py
+++ b/tests/test_token_introspection.py
@ -14,7 +14,7 @@ def test_token_introspection(testclient, user, client, token):
        "token_type": token.oauthTokenType,
        "username": user.name,
        "scope": token.get_scope(),
-        "sub": token.oauthSubject,
+        "sub": user.uid[0],
        "aud": client.oauthClientID,
        "iss": "https://mydomain.tld",
        "exp": token.get_expires_at(),