From 6d24781f9e9ac391ca1cd008619742b3f6159021 Mon Sep 17 00:00:00 2001
From: ElisDN <mail@elisdn.ru>
Date: Mon, 3 May 2021 15:29:32 +0300
Subject: [PATCH] Add parsing of custom claims

---
 .../BearerTokenValidator.php                      | 15 ++++++++++++++-
 .../BearerTokenValidatorTest.php                  |  3 +++
 2 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/src/AuthorizationValidators/BearerTokenValidator.php b/src/AuthorizationValidators/BearerTokenValidator.php
index bab8919f6..abebbecfc 100644
--- a/src/AuthorizationValidators/BearerTokenValidator.php
+++ b/src/AuthorizationValidators/BearerTokenValidator.php
@@ -118,7 +118,8 @@ public function validateAuthorization(ServerRequestInterface $request)
             ->withAttribute('oauth_access_token_id', $claims->get('jti'))
             ->withAttribute('oauth_client_id', $this->convertSingleRecordAudToString($claims->get('aud')))
             ->withAttribute('oauth_user_id', $claims->get('sub'))
-            ->withAttribute('oauth_scopes', $claims->get('scopes'));
+            ->withAttribute('oauth_scopes', $claims->get('scopes'))
+            ->withAttribute('oauth_custom_claims', $this->extractCustomClaims($claims->all()));
     }
 
     /**
@@ -132,4 +133,16 @@ private function convertSingleRecordAudToString($aud)
     {
         return \is_array($aud) && \count($aud) === 1 ? $aud[0] : $aud;
     }
+
+    /**
+     * Extract custom claims
+     *
+     * @param array $claims
+     *
+     * @return array
+     */
+    private function extractCustomClaims($claims)
+    {
+        return \array_diff_key($claims, \array_flip(['jti', 'aud', 'sub', 'scopes', 'iat', 'nbf', 'exp']));
+    }
 }
diff --git a/tests/AuthorizationValidators/BearerTokenValidatorTest.php b/tests/AuthorizationValidators/BearerTokenValidatorTest.php
index d2f634e78..f58f976d6 100644
--- a/tests/AuthorizationValidators/BearerTokenValidatorTest.php
+++ b/tests/AuthorizationValidators/BearerTokenValidatorTest.php
@@ -34,6 +34,8 @@ public function testBearerTokenValidatorAcceptsValidToken()
             ->expiresAt((new DateTimeImmutable())->add(new DateInterval('PT1H')))
             ->relatedTo('user-id')
             ->withClaim('scopes', 'scope1 scope2 scope3 scope4')
+            ->withClaim('attr1', 'value')
+            ->withClaim('attr2', 42)
             ->getToken(new Sha256(), LocalFileReference::file(__DIR__ . '/../Stubs/private.key'));
 
         $request = (new ServerRequest())->withHeader('authorization', \sprintf('Bearer %s', $validJwt->toString()));
@@ -46,6 +48,7 @@ public function testBearerTokenValidatorAcceptsValidToken()
         $this->assertEquals('client-id', $validRequest->getAttribute('oauth_client_id'));
         $this->assertEquals('user-id', $validRequest->getAttribute('oauth_user_id'));
         $this->assertEquals('scope1 scope2 scope3 scope4', $validRequest->getAttribute('oauth_scopes'));
+        $this->assertEquals(['attr1' => 'value', 'attr2' => 42], $validRequest->getAttribute('oauth_custom_claims'));
     }
 
     public function testBearerTokenValidatorRejectsExpiredToken()