(self, request: OAuth2Request)
| 62 | return self.server.create_oauth2_request(request) |
| 63 | |
def __call__(self, request: OAuth2Request):
    """Build the UserInfo response for the current access token.

    The token is obtained through
    ``self.resource_protector.acquire_token("openid")``; the ``request``
    argument is not read in this body. The claims come from
    ``generate_user_info`` for the token's user and scope.

    Returns:
        A ``(status, body, headers)`` tuple. When the client's metadata
        sets ``userinfo_signed_response_alg``, the body is the encoded JWT
        with an ``application/jwt`` content type. Otherwise the body is the
        claims mapping, sent with ``default_json_headers``.
    """
    access_token = self.resource_protector.acquire_token("openid")
    client = access_token.get_client()
    claims = self.generate_user_info(access_token.get_user(), access_token.scope)

    # The signing algorithm is whatever the client registered, so it is
    # client-controlled input.
    signing_alg = client.client_metadata.get("userinfo_signed_response_alg")
    if not signing_alg:
        # Nothing registered (or an empty value): plain JSON response.
        return 200, claims, default_json_headers

    # A signed UserInfo response MUST carry iss (the OP's Issuer Identifier
    # URL) and aud (which must be or include the RP's client ID).
    claims["iss"] = self.get_issuer()
    claims["aud"] = client.client_id

    private_key = import_any_key(self.resolve_private_key())
    allowed_algs = self.get_supported_algorithms()
    # NOTE(review): the only visible guard on the registered alg is the
    # allow-list passed to jwt.encode. Presumably the JOSE library rejects
    # a header alg outside that list. Confirm this, and confirm that
    # get_supported_algorithms() never lists "none".
    signed_jwt = jwt.encode({"alg": signing_alg}, claims, private_key, allowed_algs)
    return 200, signed_jwt, [("Content-Type", "application/jwt")]
| 84 | |
| 85 | def get_supported_algorithms(self) -> list[str]: |
| 86 | """Return the supported algorithms for userinfo signing. |