diff --git a/src/pretix/base/customersso/oidc.py b/src/pretix/base/customersso/oidc.py index b093c0125b..638f0be2a3 100644 --- a/src/pretix/base/customersso/oidc.py +++ b/src/pretix/base/customersso/oidc.py @@ -112,23 +112,6 @@ def oidc_validate_and_complete_config(config): scope="openid", )) - for scope in config["scope"].split(" "): - if scope not in provider_config.get("scopes_supported", []): - raise ValidationError(_('You are requesting scope "{scope}" but provider only supports these: {scopes}.').format( - scope=scope, - scopes=", ".join(provider_config.get("scopes_supported", [])) - )) - - if "claims_supported" in provider_config: - claims_supported = provider_config.get("claims_supported", []) - for k, v in config.items(): - if k.endswith('_field') and v: - if v not in claims_supported: # https://openid.net/specs/openid-connect-core-1_0.html#UserInfo - raise ValidationError(_('You are requesting field "{field}" but provider only supports these: {fields}.').format( - field=v, - fields=", ".join(provider_config.get("claims_supported", [])) - )) - if "token_endpoint_auth_methods_supported" in provider_config: token_endpoint_auth_methods_supported = provider_config.get("token_endpoint_auth_methods_supported", ["client_secret_basic"]) diff --git a/src/tests/base/test_customer_oidc_rp.py b/src/tests/base/test_customer_oidc_rp.py index 80ffb4b689..0dc628ff93 100644 --- a/src/tests/base/test_customer_oidc_rp.py +++ b/src/tests/base/test_customer_oidc_rp.py @@ -175,12 +175,6 @@ def test_incompatible(): oidc_validate_and_complete_config(config) assert "not requesting" in str(e.value) - config["scope"] = "openid foo" - - with pytest.raises(ValidationError) as e: - oidc_validate_and_complete_config(config) - assert "requesting scope" in str(e.value) - @responses.activate def test_compatible():