Merge branch 'master' into css_do_over_2

tykling · web-flow · commit b2840cc0d764 · 2025-05-04T13:35:04.000+02:00
diff --git a/src/bornhack/oauth_validators.py b/src/bornhack/oauth_validators.py
@@ -10,6 +10,7 @@ class BornhackOAuth2Validator(OAuth2Validator):
     # https://django-oauth-toolkit.readthedocs.io/en/latest/oidc.html#using-oidc-scopes-to-determine-which-claims-are-returned
     oidc_claim_scope = {
         # the OIDC standard user claims we support, and the OIDC standard scopes they require
+        "sub": "openid",
         "email": "email",
         "email_verified": "email",
         "phone_number": "phone",
diff --git a/src/profiles/forms.py b/src/profiles/forms.py
@@ -4,13 +4,11 @@
 
 def get_scopes() -> list[str]:
     validator = BornhackOAuth2Validator()
-    return (
-        (claim, claim) for claim in sorted(set(validator.oidc_claim_scope.values()))
-    )
-
+    return ((scope, scope) for scope in sorted(set(validator.oidc_claim_scope.values())) if scope!="openid")
 
+  
 class OIDCForm(forms.Form):
     scopes = forms.MultipleChoiceField(
         choices=get_scopes,
-        help_text="Select the scopes to simulate",
-    )
+        help_text="Select the scopes to simulate. The 'openid' scope is always included.",
+    )
diff --git a/src/profiles/templates/oidc.html b/src/profiles/templates/oidc.html
@@ -11,7 +11,7 @@
       <h4>OIDC Claims</h4>
     </div>
     <div class="card-body">
-      <p class="lead">When using BornHack as an IDP (logging into other sites using your BornHack account) you can control which user claims are returned by asking for one or more of the following claim scopes:</p>
+        <p class="lead">When using BornHack as an IDP (logging into other sites using your BornHack account) you can control which <i>user claims</i> are shared with the remote site by asking for one or more of the following <i>claim scopes</i>:</p>
       <p><ul>
         {% for scope in all_scopes %}
           <li><code>{{ scope }}</code></li>
diff --git a/src/profiles/views.py b/src/profiles/views.py
@@ -155,8 +155,7 @@ def get_context_data(self, **kwargs):
             if scope in self.request.GET.getlist(key="scopes"):
                 context["claims"][claim] = value
         context["scopes"] = self.scopes
-        context["active_scopes"] = ["openid"] + sorted(
-            list(set(self.request.GET.getlist(key="scopes")))
-        )
-        context["all_scopes"] = sorted(list(set(self.scopes.values())))
-        return context
+        context["active_scopes"] = ["openid"] + sorted(set(self.request.GET.getlist(key="scopes")))
+        context["all_scopes"] = sorted(set(self.scopes.values()))
+        del(context["all_scopes"][context["all_scopes"].index("openid")])
+        return context
