
RFC9068 JWT access tokens cannot be used at the userinfo endpoint #831

@azmeuk


When using RFC9068, the authorization server generates JWTAccessTokenClaims objects instead of TokenMixin. JWTAccessTokenClaims is missing a few methods that are expected to be found by the userinfo endpoint:

def __call__(self, request: OAuth2Request):
    token = self.resource_protector.acquire_token("openid")
    client = token.get_client()
    user = token.get_user()

canaille/oidc/endpoints/oauth.py:421: in userinfo
    response = authorization.create_endpoint_response(UserInfoEndpoint.ENDPOINT_NAME)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
.venv/lib/python3.13/site-packages/authlib/oauth2/rfc6749/authorization_server.py:296: in create_endpoint_response
    return self.handle_response(*endpoint(request))
                                 ^^^^^^^^^^^^^^^^^
.venv/lib/python3.13/site-packages/authlib/oidc/core/userinfo.py:65: in __call__
    client = token.get_client()
             ^^^^^^^^^^^^^^^^
.venv/lib/python3.13/site-packages/authlib/jose/rfc7519/claims.py:52: in __getattr__
    raise error
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = {'iss': 'http://canaille.test', 'exp': 1760354899, 'client_id': '9arCd9tbZGWysLuSJwmyLGyK', 'iat': 1759490899, 'jti': ...'1234, some street', 'locality': 'some city', 'region': 'some state', 'postal_code': '6789'}, 'updated_at': 1759490899}
key = 'get_client'

    def __getattr__(self, key):
        try:
>           return object.__getattribute__(self, key)
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
E           AttributeError: 'JWTAccessTokenClaims' object has no attribute 'get_client'

.venv/lib/python3.13/site-packages/authlib/jose/rfc7519/claims.py:48: AttributeError
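
One way the mismatch reported above could be bridged, as an added example that is not code from authlib, canaille or the issue author. `Claims` is a stand-in that reproduces the `AttributeError`; `ClaimsTokenAdapter`, `find_client`, `find_user` and the sample user are hypothetical names and constructed data, and the claims are assumed to have been validated (signature, `exp`, `aud`) before being wrapped.

```python
class Claims(dict):
    """Stand-in for a JWT claims object (not authlib's class): attribute
    access resolves registered claim names only, as in the traceback."""
    REGISTERED = ("iss", "exp", "aud", "sub", "client_id", "iat", "jti", "scope")

    def __getattr__(self, key):
        if key in self.REGISTERED:
            return self.get(key)
        raise AttributeError(f"{type(self).__name__!r} object has no attribute {key!r}")


class ClaimsTokenAdapter:
    """Hypothetical wrapper giving already-validated claims the token
    methods the userinfo code calls. find_client/find_user are assumed
    lookup callables returning an object or None."""

    def __init__(self, claims, find_client, find_user):
        self.claims = claims
        self._find_client = find_client
        self._find_user = find_user

    def get_client(self):
        client = self._find_client(self.claims["client_id"])
        if client is None:
            raise LookupError("client_id claim matches no registered client")
        return client

    def get_user(self):
        # For grants without a resource owner, RFC 9068 says "sub" should
        # identify the client, so a failed user lookup returns None.
        return self._find_user(self.claims["sub"])

    def get_scope(self):
        return self.claims.get("scope", "")


def userinfo(token):
    """Mirrors the calls quoted in the issue, then builds a tiny response."""
    client = token.get_client()
    user = token.get_user()
    if user is None or "openid" not in token.get_scope().split():
        raise PermissionError("token carries no end user or lacks openid scope")
    return {"sub": user["sub"], "name": user["name"], "client": client["client_id"]}


# Constructed sample data; iss and client_id are the values shown in the issue.
CLIENTS = {"9arCd9tbZGWysLuSJwmyLGyK": {"client_id": "9arCd9tbZGWysLuSJwmyLGyK"}}
USERS = {"user-1": {"sub": "user-1", "name": "Constructed User"}}
CLAIMS = Claims(iss="http://canaille.test", client_id="9arCd9tbZGWysLuSJwmyLGyK",
                sub="user-1", scope="openid profile")
```

Passing `CLAIMS` straight to `userinfo()` fails on `get_client`, as in the report; `userinfo(ClaimsTokenAdapter(CLAIMS, CLIENTS.get, USERS.get))` succeeds, and a token whose `sub` resolves to no user is refused.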
