From aacdfdde3cf415a296503d4299e2f42ec89e8621 Mon Sep 17 00:00:00 2001
From: afdj
Date: Thu, 8 Feb 2024 01:37:43 +0700
Subject: [PATCH 1/2] Update AuthorizeController.php
---
 .../OpenID/Controller/AuthorizeController.php | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)
diff --git a/src/OAuth2/OpenID/Controller/AuthorizeController.php b/src/OAuth2/OpenID/Controller/AuthorizeController.php
index 52e183bb3..14a08cd27 100644
--- a/src/OAuth2/OpenID/Controller/AuthorizeController.php
+++ b/src/OAuth2/OpenID/Controller/AuthorizeController.php
@@ -3,8 +3,11 @@
 namespace OAuth2\OpenID\Controller;
 
 use OAuth2\Controller\AuthorizeController as BaseAuthorizeController;
+use OAuth2\OpenID\Storage\UserClaimsInterface;
 use OAuth2\RequestInterface;
 use OAuth2\ResponseInterface;
+use OAuth2\Storage\ClientInterface;
+use OAuth2\ScopeInterface;
 
 /**
  * @see OAuth2\Controller\AuthorizeControllerInterface
@@ -26,6 +29,17 @@ class AuthorizeController extends BaseAuthorizeController implements AuthorizeCo
      */
     protected $code_challenge_method;
 
+    /**
+     * @var mixed
+     */
+    protected $userClaimsStorage;
+
+    public function __construct(ClientInterface $clientStorage, UserClaimsInterface $userClaimsStorage, array $responseTypes = array(), array $config = array(), ScopeInterface $scopeUtil = null)
+    {
+        parent::__construct($clientStorage, $responseTypes, $config, $scopeUtil);
+        $this->userClaimsStorage = $userClaimsStorage;
+    }
+
     /**
      * Set not authorized response
      *
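Review bot: The two added `use` lines at the end of the import group are out of alphabetical order: `use OAuth2\Storage\ClientInterface;` is placed before `use OAuth2\ScopeInterface;`. Swap them so the group stays sorted, `use OAuth2\ScopeInterface;` followed by `use OAuth2\Storage\ClientInterface;`, matching the ordering of the existing imports above.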
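Review bot: The new constructor inserts the required `UserClaimsInterface $userClaimsStorage` as the second parameter, ahead of the optional `$responseTypes`, `$config` and `$scopeUtil`, so any code that still builds this controller with the parent's argument order (`new AuthorizeController($clientStorage, $responseTypes, $config, $scopeUtil)`) now fails with a TypeError rather than a clear configuration error. If backward compatibility matters here, consider accepting the storage as a nullable trailing parameter and throwing a LogicException from the id_token path when it is missing, or at minimum record the signature change in the changelog. The property docblock should also name the type the constructor already enforces, `@var UserClaimsInterface` instead of `@var mixed`. The class body continues outside the hunk.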
@@ -69,7 +83,8 @@ protected function buildAuthorizeParameters($request, $response, $user_id)
 
         // Generate an id token if needed.
         if ($this->needsIdToken($this->getScope()) && $this->getResponseType() == self::RESPONSE_TYPE_AUTHORIZATION_CODE) {
-            $params['id_token'] = $this->responseTypes['id_token']->createIdToken($this->getClientId(), $user_id, $this->nonce);
+            $userClaims = $this->userClaimsStorage->getUserClaims($user_id, $params['scope']);
+            $params['id_token'] = $this->responseTypes['id_token']->createIdToken($this->getClientId(), $user_id, $this->nonce, $userClaims );
         }
 
         // add the nonce to return with the redirect URI
From 96276eaffe19e323b60b1d3d15bd19c1f10b8bf2 Mon Sep 17 00:00:00 2001
From: afdj
Date: Thu, 8 Feb 2024 01:38:57 +0700
Subject: [PATCH 2/2] Update Server.php
---
 src/OAuth2/Server.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/OAuth2/Server.php b/src/OAuth2/Server.php
index 1fbc6666d..38dd83da5 100644
--- a/src/OAuth2/Server.php
+++ b/src/OAuth2/Server.php
@@ -581,7 +581,7 @@ protected function createDefaultAuthorizeController()
         $config = array_intersect_key($this->config, array_flip(explode(' ', 'allow_implicit enforce_state require_exact_redirect_uri enforce_pkce')));
 
         if ($this->config['use_openid_connect']) {
-            return new OpenIDAuthorizeController($this->storages['client'], $this->responseTypes, $config, $this->getScopeUtil());
+            return new OpenIDAuthorizeController($this->storages['client'], $this->storages['user_claims'], $this->responseTypes, $config, $this->getScopeUtil());
         }
 
         return new AuthorizeController($this->storages['client'], $this->responseTypes, $config, $this->getScopeUtil());
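Review bot: The claims lookup on the added line selects claims by `$params['scope']`, while the guard one line above decides that an id_token is needed from `$this->getScope()`; unless the parent populates `$params['scope']` from the same value (buildAuthorizeParameters starts outside the hunk, so that is not visible here), the id_token could carry claims for a different scope set than the one that authorised it. Using the same accessor for both keeps the released claims bound to the scope that was actually checked: `$userClaims = $this->userClaimsStorage->getUserClaims($user_id, $this->getScope());`. Also drop the stray space before the closing parenthesis in the `createIdToken(...)` call on the following line.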
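Review bot: `$this->storages['user_claims']` is read on the new line without an isset check, so a server with `use_openid_connect` enabled but no user_claims storage registered hits an undefined-index notice and passes null into the non-nullable `UserClaimsInterface` parameter introduced in patch 1, surfacing as a TypeError deep in construction instead of a configuration error. Consider guarding it before the `if`: `if (!isset($this->storages['user_claims'])) { throw new LogicException('You must supply a storage object implementing OAuth2\OpenID\Storage\UserClaimsInterface to use openid connect'); }`. createDefaultAuthorizeController begins outside the hunk, so an earlier check may already cover this; if so, a one-line comment pointing to it would save the next reader the search.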