From f79ac05dcb7f0953320d3d77a3d13a099f3b26fb Mon Sep 17 00:00:00 2001
From: Richard Schreiber
Date: Mon, 8 May 2023 14:22:19 +0200
Subject: [PATCH] Open ID: validate requested claims only if config provides them (#3296)
---
 src/pretix/base/customersso/oidc.py | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)
diff --git a/src/pretix/base/customersso/oidc.py b/src/pretix/base/customersso/oidc.py
index 9ad8c383c0..cf733de901 100644
--- a/src/pretix/base/customersso/oidc.py
+++ b/src/pretix/base/customersso/oidc.py
@@ -117,13 +117,15 @@ def oidc_validate_and_complete_config(config):
 scopes=", ".join(provider_config.get("scopes_supported", []))
 ))
- for k, v in config.items():
- if k.endswith('_field') and v:
- if v not in provider_config.get("claims_supported", []): # https://openid.net/specs/openid-connect-core-1_0.html#UserInfo
- raise ValidationError(_('You are requesting field "{field}" but provider only supports these: {fields}.').format(
- field=v,
- fields=", ".join(provider_config.get("claims_supported", []))
- ))
+ if "claims_supported" in provider_config:
+ claims_supported = provider_config.get("claims_supported", [])
+ for k, v in config.items():
+ if k.endswith('_field') and v:
+ if v not in claims_supported: # https://openid.net/specs/openid-connect-core-1_0.html#UserInfo
+ raise ValidationError(_('You are requesting field "{field}" but provider only supports these: {fields}.').format(
+ field=v,
+ fields=", ".join(provider_config.get("claims_supported", []))
+ ))
 config['provider_config'] = provider_config
 return config
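Review bot: The new guard only checks that the `claims_supported` key is present, so provider metadata carrying `"claims_supported": null` or a bare string still reaches `v not in claims_supported`; the first raises a TypeError rather than a ValidationError, and the second quietly becomes a substring match. Since `provider_config` presumably comes from the provider's discovery document, I would check the type before the loop, for example `claims_supported = provider_config.get("claims_supported")` followed by `if isinstance(claims_supported, list):`. The error message can then reuse the local with `fields=", ".join(claims_supported)` instead of calling `provider_config.get("claims_supported", [])` a second time. When the key is absent the `*_field` mappings are now accepted without any check, which fits the claim list being optional in discovery, but a one-line comment such as `# claims_supported is optional in discovery; skip the check when the provider omits it` would make that intent explicit. The function body starts above this hunk.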