From 79d0353db3c653c8a8eef0ca2faba1dd42f7b92d Mon Sep 17 00:00:00 2001
From: rmiccoli
Date: Wed, 13 Sep 2023 17:15:54 +0200
Subject: [PATCH] Add OpenID Connect standard claims in ATs for WLCG JWT profile.
---
 .../profile/wlcg/WLCGProfileAccessTokenBuilder.java | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/iam-login-service/src/main/java/it/infn/mw/iam/core/oauth/profile/wlcg/WLCGProfileAccessTokenBuilder.java b/iam-login-service/src/main/java/it/infn/mw/iam/core/oauth/profile/wlcg/WLCGProfileAccessTokenBuilder.java
index d096d0843..831746dc6 100644
--- a/iam-login-service/src/main/java/it/infn/mw/iam/core/oauth/profile/wlcg/WLCGProfileAccessTokenBuilder.java
+++ b/iam-login-service/src/main/java/it/infn/mw/iam/core/oauth/profile/wlcg/WLCGProfileAccessTokenBuilder.java
@@ -79,6 +79,15 @@ public JWTClaimsSet buildAccessToken(OAuth2AccessTokenEntity token,
 builder.claim(ATTR_SCOPE, attributeHelper
 .getAttributeMapFromUserInfo(((UserInfoAdapter) userInfo).getUserinfo()));
 }
+ if (properties.getAccessToken().isIncludeAuthnInfo()) {
+ if (token.getScope().contains("email")) {
+ builder.claim("email", userInfo.getEmail());
+ }
+ if (token.getScope().contains("profile")) {
+ builder.claim("preferred_username", userInfo.getPreferredUsername());
+ builder.claim("name", userInfo.getName());
+ }
+ }
 }

 if (!hasAudienceRequest(authentication) && !hasRefreshTokenAudienceRequest(authentication)) {
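Review bot: The new `isIncludeAuthnInfo()` branch copies `email`, `preferred_username` and `name` into the access token without a null check on the values, and nothing in the hunk explains why a flag named for authentication info also governs these identity claims. An access token in a JWT profile is normally signed rather than encrypted, so every resource server, proxy or log that receives it can read these fields. I would state that above the branch, e.g. `// Identity claims are readable by every party that receives this AT; emitted only when isIncludeAuthnInfo() is set and the matching scope was granted`. For the values, guard each one, e.g. `if (userInfo.getEmail() != null) { builder.claim("email", userInfo.getEmail()); }`, unless the claims builder is known to drop null entries on serialization. The body of `buildAccessToken` starts and ends outside the hunk, so whether `userInfo` itself is already null-checked at this point cannot be confirmed from these lines.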