fixed issue with non-added user claims to id_token after authorization

src/OAuth2/OpenID/Controller/AuthorizeController.php

@@ -3,8 +3,11 @@
 namespace OAuth2\OpenID\Controller;
 
 use OAuth2\Controller\AuthorizeController as BaseAuthorizeController;
+use OAuth2\OpenID\Storage\UserClaimsInterface;
 use OAuth2\RequestInterface;
 use OAuth2\ResponseInterface;
+use OAuth2\ScopeInterface;
+use OAuth2\Storage\ClientInterface;
 
 /**
  * @see OAuth2\Controller\AuthorizeControllerInterface
@@ -26,6 +29,19 @@ class AuthorizeController extends BaseAuthorizeController implements AuthorizeCo
      */
     protected $code_challenge_method;
 
+    private $userClaimsStorage;
+
+    public function __construct(
+        ClientInterface $clientStorage,
+        array $responseTypes = array(),
+        array $config = array(),
+        ScopeInterface $scopeUtil = null,
+        UserClaimsInterface $userClaimsStorage = null
+    ) {
+        parent::__construct($clientStorage, $responseTypes, $config, $scopeUtil);
+        $this->userClaimsStorage = $userClaimsStorage;
+    }
+
     /**
      * Set not authorized response
      *
@@ -69,7 +85,11 @@ protected function buildAuthorizeParameters($request, $response, $user_id)
 
         // Generate an id token if needed.
         if ($this->needsIdToken($this->getScope()) && $this->getResponseType() == self::RESPONSE_TYPE_AUTHORIZATION_CODE) {
-            $params['id_token'] = $this->responseTypes['id_token']->createIdToken($this->getClientId(), $user_id, $this->nonce);
+            $userClaims = null;
+            if (!is_null($this->userClaimsStorage)) {
+                $userClaims = $this->userClaimsStorage->getUserClaims($user_id, $this->getScope());
+            }
+            $params['id_token'] = $this->responseTypes['id_token']->createIdToken($this->getClientId(), $user_id, $this->nonce, $userClaims);
         }
 
         // add the nonce to return with the redirect URI

src/OAuth2/Server.php

@@ -581,7 +581,7 @@ protected function createDefaultAuthorizeController()
         $config = array_intersect_key($this->config, array_flip(explode(' ', 'allow_implicit enforce_state require_exact_redirect_uri enforce_pkce')));
 
         if ($this->config['use_openid_connect']) {
-            return new OpenIDAuthorizeController($this->storages['client'], $this->responseTypes, $config, $this->getScopeUtil());
+            return new OpenIDAuthorizeController($this->storages['client'], $this->responseTypes, $config, $this->getScopeUtil(), $this->storages['user_claims'] ?? null);
         }
 
         return new AuthorizeController($this->storages['client'], $this->responseTypes, $config, $this->getScopeUtil());

test/OAuth2/OpenID/Controller/AuthorizeControllerTest.php

@@ -2,6 +2,8 @@
 
 namespace OAuth2\OpenID\Controller;
 
+use OAuth2\OpenID\ResponseType\AuthorizationCode;
+use OAuth2\OpenID\ResponseType\IdToken;
 use OAuth2\Storage\Bootstrap;
 use OAuth2\Server;
 use OAuth2\Request;
@@ -180,4 +182,35 @@ private function getTestServer($config = array())
 
         return $server;
     }
+
+    public function testUserClaimsInIdToken()
+    {
+        $server = $this->getTestServer();
+        $idTokenResponseType = $this->createMock(IdToken::class);
+        $idTokenResponseType->expects($this->once())
+            ->method('createIdToken')
+            ->with('Test Client ID', null, 'n-0S6_WzA2Mj', ['sub' => 'test-sub', 'email' => 'test@email.com'])
+            ->willReturnOnConsecutiveCalls('unit-test-id-token-1', 'unit-test-id-token-2');
+
+        $server->addResponseType($idTokenResponseType, 'id_token');
+        $server->addResponseType(new AuthorizationCode($server->getStorage('authorization_code')), 'code');
+
+        $response = new Response();
+        $request = new Request(array(
+            'client_id'     => 'Test Client ID', // valid client id
+            'redirect_uri'  => 'http://adobe.com', // valid redirect URI
+            'response_type' => 'code',
+            'state'         => 'af0ifjsldkj',
+            'nonce'         => 'n-0S6_WzA2Mj',
+            'scope'         => 'openid',
+        ));
+
+        $userClaimsStorage = $this->createMock('OAuth2\OpenID\Storage\UserClaimsInterface');
+        $userClaimsStorage->method('getUserClaims')
+            ->willReturn(array('sub' => 'test-sub', 'email' => 'test@email.com'));
+
+        $server->addStorage($userClaimsStorage, 'user_claims');
+
+        $server->handleAuthorizeRequest($request, $response, true);
+    }
 }