diff --git a/oauthproxy.go b/oauthproxy.go
index 508084c8..82f265f8 100644
--- a/oauthproxy.go
+++ b/oauthproxy.go
@@ -721,15 +721,17 @@ func (p *OAuthProxy) UserInfo(rw http.ResponseWriter, req *http.Request) {
 }
 userInfo := struct {
- User string `json:"user"`
- Email string `json:"email"`
- Groups []string `json:"groups,omitempty"`
- PreferredUsername string `json:"preferredUsername,omitempty"`
+ User string `json:"user"`
+ Email string `json:"email"`
+ Groups []string `json:"groups,omitempty"`
+ PreferredUsername string `json:"preferredUsername,omitempty"`
+ AdditionalClaims map[string]interface{} `json:"additionalClaims,omitempty"`
 }{
 User: session.User,
 Email: session.Email,
 Groups: session.Groups,
 PreferredUsername: session.PreferredUsername,
+ AdditionalClaims: session.AdditionalClaims,
 }
 if err := json.NewEncoder(rw).Encode(userInfo); err != nil {
diff --git a/oauthproxy_test.go b/oauthproxy_test.go
index ccabdbbd..b1411e4c 100644
--- a/oauthproxy_test.go
+++ b/oauthproxy_test.go
@@ -1032,6 +1032,20 @@ func TestUserInfoEndpointAccepted(t *testing.T) {
 },
 expectedResponse: "{\"user\":\"john.doe\",\"email\":\"john.doe@example.com\",\"groups\":[\"example\",\"groups\"],\"preferredUsername\":\"john\"}\n",
 },
+ {
+ name: "With Additional Claim",
+ session: &sessions.SessionState{
+ User: "john.doe",
+ PreferredUsername: "john",
+ Email: "john.doe@example.com",
+ Groups: []string{"example", "groups"},
+ AccessToken: "my_access_token",
+ AdditionalClaims: map[string]interface{}{
+ "foo": "bar",
+ },
+ },
+ expectedResponse: "{\"user\":\"john.doe\",\"email\":\"john.doe@example.com\",\"groups\":[\"example\",\"groups\"],\"preferredUsername\":\"john\",\"additionalClaims\":{\"foo\":\"bar\"}}\n",
+ },
 }
 for _, tc := range testCases {
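Review bot: The `AdditionalClaims: session.AdditionalClaims,` line in the response literal serialises the whole map verbatim, so every claim stored on the session becomes readable by any caller of this endpoint that presents a valid session. Nothing in the hunk shows how that map is populated. If it can hold more than an operator-chosen set of claims (internal identifiers, entitlements, nested IdP attributes), the userinfo response now discloses them to browser-side code as well. I would state the contract at the struct field, e.g. `// AdditionalClaims is returned verbatim; it must hold only claims the operator configured for exposure.`, or filter the map against an allowlist before encoding. UserInfo begins and ends outside the hunk, so the session lookup and any earlier checks are not visible here.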
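Review bot: The added "With Additional Claim" case pins only a single flat string value, so the `omitempty` behaviour and the encoding of non-string claims are left untested. A case with `AdditionalClaims: map[string]interface{}{}` expecting the same response as the preceding case would pin that an empty map adds no `additionalClaims` key. A second case with a nested or numeric value would pin how such claims reach clients. The test table and TestUserInfoEndpointAccepted both start and end outside the hunk.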