From 8ea3f44d209833396be358b182edf191624b2c61 Mon Sep 17 00:00:00 2001
From: peppelinux
Date: Fri, 14 May 2021 18:56:59 +0200
Subject: [PATCH] feat: added required access token claims fix: remove unused import fix: tests
---
src/oidcop/session/grant.py | 20 +++++++++++++++-----
src/oidcop/token/jwt_token.py | 11 ++++++++++-
2 files changed, 25 insertions(+), 6 deletions(-)
diff --git a/src/oidcop/session/grant.py b/src/oidcop/session/grant.py
index de089cdc..2364f367 100644
--- a/src/oidcop/session/grant.py
+++ b/src/oidcop/session/grant.py
@@ -172,9 +172,18 @@ def payload_arguments(self, session_id: str, endpoint_context,
 payload = {
 "scope": scope,
- "aud": self.resources
+ "aud": self.resources,
+ "jti" : uuid1().hex
 }
+ if self.authorization_request:
+ client_id = self.authorization_request.get('client_id')
+ if client_id:
+ payload.update({
+ "client_id": client_id,
+ 'sub': client_id
+ })
+
 _claims_restriction = endpoint_context.claims_interface.get_claims(session_id, scopes=scope, usage=token_type)
@@ -232,11 +241,12 @@ def mint_token(self,
 token_handler = endpoint_context.session_manager.token_handler.handler[ GRANT_TYPE_MAP[token_type]]
+ token_payload = self.payload_arguments(session_id,
+ endpoint_context,
+ token_type=token_type,
+ scope=scope)
 item.value = token_handler(session_id=session_id,
- **self.payload_arguments(session_id,
- endpoint_context,
- token_type=token_type,
- scope=scope))
+ **token_payload)
 else:
 raise ValueError("Can not mint that kind of token")
diff --git a/src/oidcop/token/jwt_token.py b/src/oidcop/token/jwt_token.py
index 8b1dbaf7..5ee9cf8a 100644
--- a/src/oidcop/token/jwt_token.py
+++ b/src/oidcop/token/jwt_token.py
@@ -48,6 +48,10 @@ def __init__(
 self.def_aud = aud or []
 self.alg = alg
+ def load_claims(self, payload:dict={}):
+ # inherit me and do your things here
+ return payload
+
 def __call__(self, session_id: Optional[str] = '', ttype: Optional[str] = '',
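Review bot: `'sub': client_id` inside the added `payload.update` sets the token subject to the client for every token this grant mints, but per RFC 9068 §2.2 `sub` identifies the resource owner for user-delegated grants and equals `client_id` only for the client credentials grant; unless a later step overwrites `sub` with the user's identifier (`payload_arguments` continues past this hunk, so that cannot be confirmed here), a resource server reading this token will treat the client as the end user. Restrict the `'sub': client_id` line to the case where `self.authorization_request` is a client-credentials request, or leave `sub` to the claims interface, and keep only `"client_id": client_id` unconditional. Separately, `"jti" : uuid1().hex` derives from the host MAC address and a timestamp, so the token id is predictable and leaks node identity; `uuid4().hex` (or `secrets.token_urlsafe(16)`) is the usual choice for a token identifier. The commit message mentions an import fix but no import hunk is in this patch, so verify that `uuid1` (or its replacement) is actually imported in grant.py.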
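Review bot: `def load_claims(self, payload:dict={})` uses a mutable default argument, so a subclass that mutates `payload` in place when called without an argument would share one dict across calls and instances, leaking claims from one token into the next. The file already imports `Optional`, so `def load_claims(self, payload: Optional[dict] = None) -> dict:` followed by `payload = {} if payload is None else payload` keeps the interface and removes the shared state. The `# inherit me and do your things here` comment should become a docstring that states the contract: the hook receives the payload with `sid` and `ttype` already set, must return the dict that will be signed, and overrides are expected to add claims rather than replace the standard ones.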
@@ -66,7 +70,12 @@ def __call__(self,
 else:
 ttype = "A"
- payload.update({"sid": session_id, "ttype": ttype})
+ payload.update(
+ {"sid": session_id,
+ "ttype": ttype
+ }
+ )
+ payload = self.load_claims(payload)
 # payload.update(kwargs)
 signer = JWT(
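Review bot: `payload = self.load_claims(payload)` replaces the whole payload with whatever the subclass hook returns, and it runs after `sid` and `ttype` were just set, so an override that returns `None`, builds a fresh dict, or drops those keys silently yields a signed token without them; since `sid` appears to be how the session layer maps the token back (its consumer is outside this hunk), that failure would surface only at introspection time. Merging the hook's result under the fixed claims keeps the extension point without letting it clobber them: `payload = {**(self.load_claims(payload) or {}), "sid": session_id, "ttype": ttype}`. If overriding `sid`/`ttype` is genuinely intended, a check such as `if not isinstance(payload, dict): raise ValueError("load_claims must return a dict")` after the call at least turns a broken override into an error rather than a malformed token. `__call__` continues past the hunk (the `signer = JWT(` call is cut off).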