From 504427f3a91b14cc197f5c5e2fea7333bf811937 Mon Sep 17 00:00:00 2001
From: kaiyou <pierre@jaury.eu>
Date: Tue, 17 Mar 2020 14:30:51 +0100
Subject: [PATCH] Support multiple scopes, including profile and email

---
 hiboo/sso/oidc.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/hiboo/sso/oidc.py b/hiboo/sso/oidc.py
index dd9a77f1..8b69813a 100644
--- a/hiboo/sso/oidc.py
+++ b/hiboo/sso/oidc.py
@@ -124,7 +124,7 @@ class Client(sqla_oauth2.OAuth2ClientMixin):
     hybrid flows.
     """
 
-    scope = "openid"
+    scope = "openid profile email"
 
     # Declare grant types using the above base classes
     AuthorizationCodeGrant = type("AuthorizationCodeGrant", (AuthorizationCodeMixin, oauth2.grants.AuthorizationCodeGrant), {})
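Review bot: `scope` is a class attribute on `Client`, so after this change every registered client may request `profile` and `email`, not only those that need them. Nothing in the visible lines lets a service be limited to `openid`, and the attribute presumably overrides whatever per-client value the mixin would otherwise provide. If that is intended, document it next to the attribute, e.g. `# Scopes any client may request; there is no per-service restriction`. Otherwise, taking the allowed scope from the service's own configuration would keep identity data to the clients that actually need it.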
@@ -167,8 +167,8 @@ class Client(sqla_oauth2.OAuth2ClientMixin):
         """ User info generation function used by the oidc code mixin and the userinfo endpoint
         """
         special_mappings = self.service.config.get("special_mappings", [])
-        claims = dict()    
-        if "openid" in scope:
+        claims = dict()
+        if "profile" in scope:
             claims.update(
                 sub=profile.username if "mask_sub_uuid" in special_mappings else profile.uuid,
                 name=profile.username,
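Review bot: The `sub` claim is now emitted only when `profile` is in the requested scope, so a request carrying just `openid` (or `openid email`) gets claims with no subject identifier. OpenID Connect requires `sub` in every ID token and UserInfo response, and a relying party that cannot find it may reject the login or fall back to a weaker key such as the email address. Set it unconditionally before the branch, e.g. `claims = dict(sub=profile.username if "mask_sub_uuid" in special_mappings else profile.uuid)`, and keep only the name-type claims under `if "profile" in scope:`. If `scope` is a plain string at this point, `"profile" in scope` is a substring test, so `"profile" in scope.split()` would be the safer comparison. The function's signature and return are outside this hunk.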
@@ -176,7 +176,7 @@ class Client(sqla_oauth2.OAuth2ClientMixin):
                 login=profile.username
             )
         if "email" in scope:
-            user_email = profile.user.contact.get("email")
+            user_email = profile.user.contact.get("email") if profile.user.contact else None
             claims.update(
                 email=user_email if "original_email" in special_mappings else profile.email
             )
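Review bot: When `original_email` is in `special_mappings` and the user has no contact record (or no `email` key in it), `user_email` is `None` and the claim is still published as `email=None`. A relying party that links or provisions accounts by email then receives a null address rather than an absent claim. Compute the value first and only add it when it is set, e.g. `email = user_email if "original_email" in special_mappings else profile.email` followed by `if email: claims.update(email=email)`. The rest of the function, including what is returned, lies outside this hunk.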
-- 
GitLab