OIDC: Add "scopes_supported" to openid-configuration. (#1106)

* OIDC: Add "scopes_supported" to openid-configuration.
jazzband · Jan 27, 2022 · f46439e · f46439e
1 parent 691870c
commit f46439e
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 1 deletion.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -18,6 +18,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [2.0.0] unreleased
 
+### Added
+* #1106 Add "scopes_supported" to the [ConnectDiscoveryInfoView](https://django-oauth-toolkit.readthedocs.io/en/latest/oidc.html#connectdiscoveryinfoview).
+  This completes the view to provide all the REQUIRED and RECOMMENDED [OpenID Provider Metadata](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata).
+
 ### Changed
 * #1093 (**Breaking**) Changed to implement [hashed](https://docs.djangoproject.com/en/stable/topics/auth/passwords/)
   client_secret values. This is a **breaking change** that will migrate all your existing

diff --git a/oauth2_provider/views/oidc.py b/oauth2_provider/views/oidc.py
@@ -18,7 +18,8 @@
 
 class ConnectDiscoveryInfoView(OIDCOnlyMixin, View):
     """
-    View used to show oidc provider configuration information
+    View used to show oidc provider configuration information per
+    `OpenID Provider Metadata <https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata>`_
     """
 
     def get(self, request, *args, **kwargs):
@@ -49,13 +50,17 @@ def get(self, request, *args, **kwargs):
         validator_class = oauth2_settings.OAUTH2_VALIDATOR_CLASS
         validator = validator_class()
         oidc_claims = list(set(validator.get_discovery_claims(request)))
+        scopes_class = oauth2_settings.SCOPES_BACKEND_CLASS
+        scopes = scopes_class()
+        scopes_supported = [scope for scope in scopes.get_available_scopes()]
 
         data = {
             "issuer": issuer_url,
             "authorization_endpoint": authorization_endpoint,
             "token_endpoint": token_endpoint,
             "userinfo_endpoint": userinfo_endpoint,
             "jwks_uri": jwks_uri,
+            "scopes_supported": scopes_supported,
             "response_types_supported": oauth2_settings.OIDC_RESPONSE_TYPES_SUPPORTED,
             "subject_types_supported": oauth2_settings.OIDC_SUBJECT_TYPES_SUPPORTED,
             "id_token_signing_alg_values_supported": signing_algorithms,

diff --git a/tests/test_oidc_views.py b/tests/test_oidc_views.py
@@ -17,6 +17,7 @@ def test_get_connect_discovery_info(self):
             "token_endpoint": "http://localhost/o/token/",
             "userinfo_endpoint": "http://localhost/o/userinfo/",
             "jwks_uri": "http://localhost/o/.well-known/jwks.json",
+            "scopes_supported": ["read", "write", "openid"],
             "response_types_supported": [
                 "code",
                 "token",
@@ -44,6 +45,7 @@ def test_get_connect_discovery_info_without_issuer_url(self):
             "token_endpoint": "http://testserver/o/token/",
             "userinfo_endpoint": "http://testserver/o/userinfo/",
             "jwks_uri": "http://testserver/o/.well-known/jwks.json",
+            "scopes_supported": ["read", "write", "openid"],
             "response_types_supported": [
                 "code",
                 "token",