Add a custom OAuth2 validator to provide some more info in the OIDC dance.

src/membership/oidc.py

@@ -0,0 +1,19 @@
+"""Code related to OIDC."""
+
+from typing import Any
+
+from oauth2_provider.oauth2_validators import OAuth2Validator
+from utils.types import AuthenticatedHttpRequest
+
+
+class CustomOAuth2Validator(OAuth2Validator):
+    """A custom OAuth2 validator."""
+
+    def get_additional_claims(self, request: AuthenticatedHttpRequest) -> dict[str, Any]:
+        """Get additional claims."""
+        return {
+            "sub": request.user.email,
+            "email": request.user.email,
+            "first_name": request.user.first_name,
+            "last_name": request.user.last_name,
+        }

src/project/settings.py

@@ -173,6 +173,7 @@ OAUTH2_PROVIDER = {
         "openid": "OpenID Connect scope",
         "profile": "Profile Information",
     },
+    "OAUTH2_VALIDATOR_CLASS": "membership.oidc.CustomOAuth2Validator",
     "PKCE_REQUIRED": False,  # Disabling for now -vidir 2025-02-01
 }
 

src/utils/types.py

@@ -0,0 +1,10 @@
+"""Collection of types for the project."""
+
+from django.contrib.auth.models import User
+from django.http import HttpRequest
+
+
+class AuthenticatedHttpRequest(HttpRequest):
+    """HttpRequest with an authenticated user."""
+
+    user: User