The creation of ID Tokens is ultimately done not by OAuthLib but by your
RequestValidator subclass. This is because their
content is dependent on your implementation of users, their attributes, any claims you may wish to support, as well as the
details of how you model the notion of a Client Application. As such, OAuthLib simply calls your validator’s
method at the appropriate times during the authorization flow, depending on the grant type requested (Authorization Code, Implicit,
get_id_token(token, token_handler, request)
Get OpenID Connect ID token
This method is called in the OpenID Connect workflows whenever an ID Token is requested. Subclasses should implement the construction, signing and optional encryption of the ID Token as described in the OpenID Connect spec.
In addition to the standard OAuth2 request properties, the request may also contain these OIDC-specific properties, which are useful to this method:
- nonce, if workflow is implicit or hybrid and it was provided
- claims, if provided to the original Authorization Code request
The token parameter is a dict which may contain an access_token entry, in which case the resulting ID Token should include a calculated
Similarly, when the request parameter has a code property defined, the ID Token should include a calculated
Parameters:
- token – A Bearer token dict.
- token_handler – The token handler (BearerToken class)
- request (oauthlib.common.Request) – OAuthlib request.
Returns: The ID Token (a JWS signed JWT)
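An added example (not OAuthLib's own code) of what a get_id_token implementation can look like, using only the Python standard library, together with the signature check a client would run. Assumptions: HS256 with a constructed shared secret, a hypothetical request.user_id attribute, a plain class standing in for your RequestValidator subclass, and the at_hash and c_hash claims computed as OpenID Connect Core defines them (base64url of the left half of the SHA-256 digest).

```python
import base64, hashlib, hmac, json, time
from types import SimpleNamespace

ISSUER = "https://op.example"  # assumed issuer URL
SIGNING_KEY = b"constructed-demo-secret"  # constructed; HS256 keeps this stdlib-only
# Constructed stand-ins for OAuthLib's token dict and Request object.
SAMPLE_TOKEN = {"access_token": "constructed-access-token-1"}
SAMPLE_REQUEST = SimpleNamespace(client_id="client-123", user_id=42,
                                 nonce="n-constructed-1", code="constructed-code-1")

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def left_half_hash(value):
    """at_hash / c_hash value: base64url of the left half of SHA-256(value)."""
    digest = hashlib.sha256(value.encode("ascii")).digest()
    return b64url(digest[:len(digest) // 2])

def sign(signing_input):
    return b64url(hmac.new(SIGNING_KEY, signing_input.encode("ascii"), hashlib.sha256).digest())

class ExampleValidator:  # in a deployment this is your RequestValidator subclass
    def get_id_token(self, token, token_handler, request):
        now = int(time.time())
        claims = {"iss": ISSUER, "aud": request.client_id, "iat": now, "exp": now + 300,
                  "sub": str(request.user_id)}  # user_id: hypothetical attribute
        # Echo the nonce so the client can tie the ID Token to its own request.
        if getattr(request, "nonce", None):
            claims["nonce"] = request.nonce
        # Bind the ID Token to the access token and/or code issued alongside it.
        if token.get("access_token"):
            claims["at_hash"] = left_half_hash(token["access_token"])
        if getattr(request, "code", None):
            claims["c_hash"] = left_half_hash(request.code)
        parts = ({"alg": "HS256", "typ": "JWT"}, claims)
        signing_input = ".".join(
            b64url(json.dumps(p, separators=(",", ":")).encode()) for p in parts)
        return signing_input + "." + sign(signing_input)

def decode_and_verify(jwt):
    """Client side: check the signature before trusting any claim."""
    signing_input, _, sig = jwt.rpartition(".")
    if not hmac.compare_digest(sign(signing_input), sig):
        raise ValueError("bad signature")
    payload = signing_input.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))
```

A deployment would normally sign with an asymmetric key through a maintained JWT library, so that clients can verify ID Tokens without holding the signing secret.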