fix: authts#415 allow to get and process claims when scope does not c…

…ontain openid
kyxyes · Mar 15, 2022 · 558319b · 558319b
1 parent 0d2e402
commit 558319b
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 9 deletions.
diff --git a/src/ResponseValidator.test.ts b/src/ResponseValidator.test.ts
@@ -310,7 +310,7 @@ describe("ResponseValidator", () => {
             });
         });
 
-        it("should not run if request was not openid", async () => {
+        it("should run if request was not openid", async () => {
             // arrange
             Object.assign(settings, { loadUserInfo: true });
             Object.assign(stubResponse, {
@@ -322,7 +322,7 @@ describe("ResponseValidator", () => {
             await subject.validateSigninResponse(stubResponse, stubState);
 
             // assert
-            expect(subject["_userInfoService"].getClaims).not.toHaveBeenCalled();
+            expect(subject["_userInfoService"].getClaims).toHaveBeenCalled();
         });
 
         it("should not load and merge user info claims when loadUserInfo not configured", async () => {

diff --git a/src/ResponseValidator.ts b/src/ResponseValidator.ts
@@ -152,11 +152,6 @@ export class ResponseValidator {
 
     protected async _processClaims(response: SigninResponse, skipUserInfo = false): Promise<void> {
         const logger = this._logger.create("_processClaims");
-        if (!response.isOpenId) {
-            logger.debug("response is not OIDC, skipping claims processing");
-            return;
-        }
-        logger.debug("response is OIDC, processing claims", response.profile);
         response.profile = this._filterProtocolClaims(response.profile);
 
         if (skipUserInfo || !this._settings.loadUserInfo || !response.access_token) {
@@ -165,11 +160,10 @@ export class ResponseValidator {
         }
 
         logger.debug("loading user info");
-
         const claims = await this._userInfoService.getClaims(response.access_token);
         logger.debug("user info claims received from user info endpoint");
 
-        if (claims.sub !== response.profile.sub) {
+        if (response.isOpenId && claims.sub !== response.profile.sub) {
             logger.throw(new Error("subject from UserInfo response does not match subject in ID Token"));
         }