OIDC_EXTRA_SCOPE_CLAIMS in OIDC_AUTH

[popadi]

Hello!

Any way of using OIDC_EXTRA_SCOPE_CLAIMS in OIDC_AUTH or this is something that's available only in django-oidc-provider? I'm trying to add extra claims to the token (i.e. user's department) but I'm not sure if it's possible do it only by using this package.

Thank you.

[kerrermanisNL]

Hi popadi, do you mean OIDC_CLAIMS_OPTIONS?
See: https://github.com/ByteInternet/drf-oidc-auth/blob/master/oidc_auth/settings.py#L14 and https://docs.authlib.org/en/latest/jose/jwt.html#jwt-payload-claims-validation?

[popadi]

Hi popadi, do you mean OIDC_CLAIMS_OPTIONS?

Hey!
No, I know you can set that, I was referring to a property like OIDC_EXTRA_SCOPE_CLAIMS that would allow you to add extra claims to the token, others than the classic 6 aud, iss, sub, jti etc. Initially I saw that property in the django-oidc-provider package. I accidentally used the wrong link above, the correct link is actually this and this. Basically I was wondering if this package allows me too do something similar.

[kerrermanisNL]

Just so we're on the same page here do you want to read those claims for the token, or do you want to add them? Adding them is not possible in any way, since this is not an OIDC provider :)

If you want to read them, I'm not entirely sure since I haven't used it in this package. But you can probably just add them in the OIDC provider, then this package will read them from the OIDC_CLAIMS_OPTIONS (https://github.com/ByteInternet/drf-oidc-auth/blob/master/oidc_auth/settings.py#L14), i.e.:

drf-oidc-auth/oidc_auth/authentication.py

Line 118 in 5fefacb

def claims_options(self):

and

drf-oidc-auth/oidc_auth/authentication.py

Line 176 in 5fefacb

claims_options=self.claims_options

. Again, have not used this functionality myself, but I imagine it would work like so :) Probably easiest to try it out and see :)