identity/oidc: adds claims_supported to discovery document (#16992)

* identity/oidc: adds claims_supported to discovery document * adds changelog
2022-09-02 09:19:25 -07:00 · 2022-09-02 09:19:25 -07:00 · 1ea50db6c6
parent 608a4777a0
commit 1ea50db6c6
3 changed files with 7 additions and 0 deletions
--- a/changelog/16992.txt
+++ b/changelog/16992.txt
@ -0,0 +1,3 @@
+```release-note:bug
+identity/oidc: Adds `claims_supported` to discovery document.
+```
--- a/vault/identity_store_oidc_provider.go
+++ b/vault/identity_store_oidc_provider.go
@ -159,6 +159,7 @@ type providerDiscovery struct {
 	IDTokenAlgs           []string `json:"id_token_signing_alg_values_supported"`
 	ResponseTypes         []string `json:"response_types_supported"`
 	Scopes                []string `json:"scopes_supported"`
+	Claims                []string `json:"claims_supported"`
 	Subjects              []string `json:"subject_types_supported"`
 	GrantTypes            []string `json:"grant_types_supported"`
 	AuthMethods           []string `json:"token_endpoint_auth_methods_supported"`
@ -1478,6 +1479,7 @@ func (i *IdentityStore) pathOIDCProviderDiscovery(ctx context.Context, req *logi
 		UserinfoEndpoint:      p.effectiveIssuer + "/userinfo",
 		IDTokenAlgs:           supportedAlgs,
 		Scopes:                scopes,
+		Claims:                []string{},
 		RequestParameter:      false,
 		RequestURIParameter:   false,
 		ResponseTypes:         []string{"code"},
--- a/vault/identity_store_oidc_provider_test.go
+++ b/vault/identity_store_oidc_provider_test.go
@ -3623,6 +3623,7 @@ func TestOIDC_Path_OpenIDProviderConfig(t *testing.T) {
 		Keys:                  basePath + "/.well-known/keys",
 		ResponseTypes:         []string{"code"},
 		Scopes:                []string{"test-scope-1", "openid"},
+		Claims:                []string{},
 		Subjects:              []string{"public"},
 		IDTokenAlgs:           supportedAlgs,
 		AuthorizationEndpoint: "/ui/vault/identity/oidc/provider/test-provider/authorize",
@ -3678,6 +3679,7 @@ func TestOIDC_Path_OpenIDProviderConfig(t *testing.T) {
 		Keys:                  basePath + "/.well-known/keys",
 		ResponseTypes:         []string{"code"},
 		Scopes:                []string{"test-scope-2", "openid"},
+		Claims:                []string{},
 		Subjects:              []string{"public"},
 		IDTokenAlgs:           supportedAlgs,
 		AuthorizationEndpoint: testIssuer + "/ui/vault/identity/oidc/provider/test-provider/authorize",