From a210b0566133855b0129b840278358decbb580d2 Mon Sep 17 00:00:00 2001
From: Andreas Dinauer
Date: Sat, 18 Apr 2026 22:40:50 +0200
Subject: [PATCH] =?UTF-8?q?=F0=9F=9A=A7=20Encode=20user=20details=20in=20i?= =?UTF-8?q?d=20token?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 src/main/java/de/tavolio/oidc/token/UserTokenGenerator.java | 6 +++++-
 src/main/java/de/tavolio/oidc/token/UserTokenService.java | 2 +-
 2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/main/java/de/tavolio/oidc/token/UserTokenGenerator.java b/src/main/java/de/tavolio/oidc/token/UserTokenGenerator.java
index 20554d5..8753fb6 100644
--- a/src/main/java/de/tavolio/oidc/token/UserTokenGenerator.java
+++ b/src/main/java/de/tavolio/oidc/token/UserTokenGenerator.java
@@ -1,6 +1,7 @@
 package de.tavolio.oidc.token;
 
 import de.tavolio.oidc.IssuerService;
+import de.tavolio.realm.user.UserEntity;
 import io.smallrye.jwt.build.Jwt;
 import jakarta.enterprise.context.ApplicationScoped;
 import jakarta.inject.Inject;
@@ -39,12 +40,15 @@ public class UserTokenGenerator
 .sign(key);
 }
 
- public String generateIDToken(String realmKey, String clientId, String upn, ZonedDateTime expiresAt, PrivateKey key, String keyId)
+ public String generateIDToken(String realmKey, String clientId, String upn, ZonedDateTime expiresAt, PrivateKey key, String keyId, UserEntity user)
 {
 return Jwt.claims()
 .upn(upn)
 .claim("realm_key", realmKey)
 .claim("client_id", clientId)
+ .claim("email", user.getEmail())
+ .claim("firstname", user.getFirstname())
+ .claim("lastname", user.getLastname())
 .expiresAt(expiresAt.toInstant())
 .issuer(issuerService.getIssuer(realmKey)).jws().keyId(keyId)
 .sign(key);
diff --git a/src/main/java/de/tavolio/oidc/token/UserTokenService.java b/src/main/java/de/tavolio/oidc/token/UserTokenService.java
index e2695f8..246d0fd 100644
--- a/src/main/java/de/tavolio/oidc/token/UserTokenService.java
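Review bot: The three new `.claim(...)` calls in `generateIDToken` put the user's email and name into every ID token unconditionally; OpenID Connect ties these claims to the `email` and `profile` scopes, so they should be added only when the client was granted those scopes, otherwise every relying party receives personal data it did not ask for. The names `firstname` and `lastname` are also not the standard claim names; OIDC client libraries look for `given_name` and `family_name`, e.g. `.claim("given_name", user.getFirstname())`. `user` and its getters are dereferenced without a null check, and how the builder treats a null claim value is not visible here, so guard it or confirm the behaviour. The method's closing brace is outside the hunk.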
+++ b/src/main/java/de/tavolio/oidc/token/UserTokenService.java
@@ -69,7 +69,7 @@ public class UserTokenService
 TokenResponse response = new TokenResponse()
 .setAccessToken(userTokenGenerator.generateAccessToken(realm.getKey(), principal, entity.getAccount().getId(), expiresAt, signingKey, keypair.getId()))
 .setRefreshToken(userTokenGenerator.generateRefreshToken(realm.getKey(), principal, entity.getAccount().getId(), refreshTokenExpiresAt, signingKey, keypair.getId()))
- .setIdToken(userTokenGenerator.generateIDToken(realm.getKey(), principal, entity.getAccount().getId(), expiresAt, signingKey, keypair.getId()))
+ .setIdToken(userTokenGenerator.generateIDToken(realm.getKey(), principal, entity.getAccount().getId(), expiresAt, signingKey, keypair.getId(), entity.getAccount()))
 .setTokenType("Bearer")
 .setExpiresAt(expiresAt.toInstant().getEpochSecond());
 codeRepo.delete(entity);
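Review bot: The `generateIDToken` call now passes both `entity.getAccount().getId()` and `entity.getAccount()`, so the subject identifier and the profile claims reach the generator as two independent arguments that a later edit could point at different accounts. Reading the account once, `var account = entity.getAccount();`, and passing `account.getId()` and `account` keeps the identifier and the personal data in the token tied to the same user; deriving the `upn` from `user` inside the generator would remove the duplication entirely. That `getAccount()` returns a `UserEntity` is implied by the new parameter type but not shown in this hunk. The enclosing method starts and ends outside the hunk.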