Introspection fixes

oidc_provider/lib/endpoints/introspection.py

@@ -61,7 +61,7 @@ def validate_params(self):
 
         self.id_token = self.token.id_token
 
-        if settings.get('OIDC_INTROSPECTION_VALIDATE_AUDIENCE_SCOPE'):
+        if settings.get('OIDC_INTROSPECTION_VALIDATE_AUDIENCE_SCOPE') and self.token.user:
             if not self.token.id_token:
                 logger.debug('[Introspection] Token not an authentication token: %s',
                              self.params['token'])
@@ -85,6 +85,7 @@ def create_response_dic(self):
                 response_dic[k] = self.id_token[k]
         response_dic['active'] = True
         response_dic['client_id'] = self.token.client.client_id
+        response_dic['scope'] = ' '.join(self.token.scope)
 
         response_dic = run_processing_hook(response_dic,
                                            'OIDC_INTROSPECTION_PROCESSING_HOOK',

oidc_provider/lib/utils/token.py

@@ -55,11 +55,12 @@ def create_id_token(token, user, aud, nonce='', at_hash='', request=None, scope=
 
     # Inlude (or not) user standard claims in the id_token.
     if settings.get('OIDC_IDTOKEN_INCLUDE_CLAIMS'):
-        standard_claims = StandardScopeClaims(token)
-        dic.update(standard_claims.create_response_dic())
         if settings.get('OIDC_EXTRA_SCOPE_CLAIMS'):
             custom_claims = settings.get('OIDC_EXTRA_SCOPE_CLAIMS', import_str=True)(token)
-            dic.update(custom_claims.create_response_dic())
+            claims = custom_claims.create_response_dic()
+        else:
+            claims = StandardScopeClaims(token).create_response_dic()
+        dic.update(claims)
 
     dic = run_processing_hook(
         dic, 'OIDC_IDTOKEN_PROCESSING_HOOK',