thephpleague · ElisDN · May 3, 2021 · May 3, 2021
diff --git a/src/AuthorizationValidators/BearerTokenValidator.php b/src/AuthorizationValidators/BearerTokenValidator.php
@@ -118,7 +118,8 @@ public function validateAuthorization(ServerRequestInterface $request)
             ->withAttribute('oauth_access_token_id', $claims->get('jti'))
             ->withAttribute('oauth_client_id', $this->convertSingleRecordAudToString($claims->get('aud')))
             ->withAttribute('oauth_user_id', $claims->get('sub'))
-            ->withAttribute('oauth_scopes', $claims->get('scopes'));
+            ->withAttribute('oauth_scopes', $claims->get('scopes'))
+            ->withAttribute('oauth_custom_claims', $this->extractCustomClaims($claims->all()));
     }
 
     /**
@@ -132,4 +133,16 @@ private function convertSingleRecordAudToString($aud)
     {
         return \is_array($aud) && \count($aud) === 1 ? $aud[0] : $aud;
     }
+
+    /**
+     * Extract custom claims
+     *
+     * @param array $claims
+     *
+     * @return array
+     */
+    private function extractCustomClaims($claims)
+    {
+        return \array_diff_key($claims, \array_flip(['jti', 'aud', 'sub', 'scopes', 'iat', 'nbf', 'exp']));
+    }
 }
diff --git a/tests/AuthorizationValidators/BearerTokenValidatorTest.php b/tests/AuthorizationValidators/BearerTokenValidatorTest.php
@@ -34,13 +34,21 @@ public function testBearerTokenValidatorAcceptsValidToken()
             ->expiresAt((new DateTimeImmutable())->add(new DateInterval('PT1H')))
             ->relatedTo('user-id')
             ->withClaim('scopes', 'scope1 scope2 scope3 scope4')
+            ->withClaim('attr1', 'value')
+            ->withClaim('attr2', 42)
             ->getToken(new Sha256(), LocalFileReference::file(__DIR__ . '/../Stubs/private.key'));
 
         $request = (new ServerRequest())->withHeader('authorization', \sprintf('Bearer %s', $validJwt->toString()));
 
         $validRequest = $bearerTokenValidator->validateAuthorization($request);
 
         $this->assertArrayHasKey('authorization', $validRequest->getHeaders());
+
+        $this->assertEquals('token-id', $validRequest->getAttribute('oauth_access_token_id'));
+        $this->assertEquals('client-id', $validRequest->getAttribute('oauth_client_id'));
+        $this->assertEquals('user-id', $validRequest->getAttribute('oauth_user_id'));
+        $this->assertEquals('scope1 scope2 scope3 scope4', $validRequest->getAttribute('oauth_scopes'));
+        $this->assertEquals(['attr1' => 'value', 'attr2' => 42], $validRequest->getAttribute('oauth_custom_claims'));
     }
 
     public function testBearerTokenValidatorRejectsExpiredToken()