oidc-op-claims.patch

--- a/usr/share/perl5/Lemonldap/NG/Portal/UserDB/OpenIDConnect.pm
+++ b/usr/share/perl5/Lemonldap/NG/Portal/UserDB/OpenIDConnect.pm
@@ -2,6 +2,7 @@ package Lemonldap::NG::Portal::UserDB::OpenIDConnect;
 
 use strict;
 use Mouse;
+use Lemonldap::NG::Common::JWT 'getJWTPayload';
 use Lemonldap::NG::Portal::Main::Constants qw(
   PE_OIDC_AUTH_ERROR
   PE_BADCREDENTIALS
@@ -42,7 +43,33 @@ sub getUser {
         return PE_ERROR;
     }
 
-    my $userinfo_content = $self->getUserInfo( $op, $access_token );
+    my $userinfo_content;
+    my $source = $self->opOptions->{$op}->{oidcOPMetaDataOptionsUserinfoSource}
+      || 'userinfo';
+    if ( $source eq 'id_token' ) {
+        $userinfo_content = getJWTPayload( $req->data->{id_token} );
+        $self->logger->error(
+            "Unable to read ID token content: " . $req->data->{id_token} )
+          unless ($userinfo_content);
+    }
+    elsif ( $source eq 'access_token' ) {
+        my $tmp = getJWTPayload($access_token);
+        if ($tmp) {
+            $userinfo_content = { %{ $userinfo_content || {} }, %$tmp };
+        }
+        else {
+            $self->logger->error(
+                "Unable to read ID token content: $access_token");
+        }
+    }
+    unless ($userinfo_content) {
+        unless ( $source eq 'userinfo' ) {
+            $self->logger->error(
+                "Failed to get user info from $source, trying userinfo endpoint"
+            );
+        }
+        $userinfo_content = $self->getUserInfo( $op, $access_token );
+    }
 
     unless ($userinfo_content) {
         $self->logger->warn("No User Info content");