Description
Is your feature request related to a problem? Please describe.
Per the OIDC spec 5.4 one should be able to use OIDC standard scopes to limit which additional claims are returned in the ID Token and Userinfo response. The current implementation is unable to filter which additional claims to return in a reasonable way.
Describe the solution you'd like
The ability to extend get_oidc_claims() to use the granted access token scopes. This does not work because upstream oauthlib does not pass the correct request.scopes, instead hardcoding the scope list as ["openid"].
Describe alternatives you've considered
A small fix to get_userinfo_claims() will make the access_token.scopes available. PR coming soon ;-)
I've prototyped this here.
Additional context
I believe the "right" way to get access to the scopes might require a fix to oauthlib, but the workaround above seems to be a pretty good start.
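To make the OIDC Core 5.4 behaviour the issue asks for concrete, here is an added example (not code from django-oauth-toolkit or from the issue author) of the mechanism: a claim is released in the ID Token or UserInfo response only when the standard scope that covers it was actually granted. The scope-to-claims table is the one defined in OIDC Core 5.4; the user record, the granted scope lists and the function names are constructed for this illustration. The security point is that the filter is driven by the granted scopes, so a client that obtained only `openid` cannot read email or profile data, and unknown scope names unlock nothing.

```python
"""Scope-based filtering of OIDC additional claims (OIDC Core section 5.4).

Added example, not django-oauth-toolkit code. It shows the behaviour the
issue requests: release an additional claim only when the scope that covers
it was granted on the access token. Function names and sample data are
constructed for this illustration.
"""
from typing import Dict, Iterable, Set

# OIDC Core 5.4: the standard scopes and the claims each one unlocks.
SCOPE_CLAIMS: Dict[str, Set[str]] = {
    "profile": {
        "name", "family_name", "given_name", "middle_name", "nickname",
        "preferred_username", "profile", "picture", "website", "gender",
        "birthdate", "zoneinfo", "locale", "updated_at",
    },
    "email": {"email", "email_verified"},
    "address": {"address"},
    "phone": {"phone_number", "phone_number_verified"},
}


def claims_allowed_by(scopes: Iterable[str]) -> Set[str]:
    """Union of the claim names unlocked by the granted scopes.

    Unknown scopes unlock nothing, so a client cannot widen the claim set
    by requesting scope names the server never defined.
    """
    allowed: Set[str] = set()
    for scope in scopes:
        allowed |= SCOPE_CLAIMS.get(scope, set())
    return allowed


def filter_claims(user_claims: Dict[str, object],
                  granted_scopes: Iterable[str]) -> Dict[str, object]:
    """Return only the claims that the granted scopes permit.

    'sub' is always included because every ID Token and UserInfo response
    carries it regardless of scope. Claims with no value are omitted rather
    than returned as null (OIDC Core 5.3.2).
    """
    scopes = set(granted_scopes)
    if "openid" not in scopes:
        # Without the openid scope this is not an OIDC request at all.
        raise ValueError("openid scope not granted; no OIDC claims released")
    allowed = claims_allowed_by(scopes) | {"sub"}
    return {
        name: value
        for name, value in user_claims.items()
        if name in allowed and value is not None
    }


# Constructed sample user record (not real data).
SAMPLE_USER_CLAIMS: Dict[str, object] = {
    "sub": "248289761001",
    "name": "Jane Doe",
    "given_name": "Jane",
    "family_name": "Doe",
    "email": "janedoe@example.com",
    "email_verified": True,
    "phone_number": "+1 555 0100",
    "address": None,                # no value stored: must not appear as null
    "internal_role": "admin",       # not a standard claim: never released here
}


if __name__ == "__main__":
    # Only openid granted: nothing beyond the subject identifier leaves the server.
    print(filter_claims(SAMPLE_USER_CLAIMS, ["openid"]))
    # openid + email: the two email claims are added.
    print(filter_claims(SAMPLE_USER_CLAIMS, ["openid", "email"]))
    # Broad grant: profile and email claims appear, address stays absent (no value),
    # phone claims stay absent (scope not granted).
    print(filter_claims(SAMPLE_USER_CLAIMS, ["openid", "profile", "email", "address"]))
```

In a validator subclass the `granted_scopes` argument would come from the access token the UserInfo or token request was issued under, which is exactly the value the issue says oauthlib currently replaces with a hardcoded `["openid"]`; with that list hardcoded, the filter above would never release any additional claims at all.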