From d255d55b2c18537f722c9c8fc8808918d5285768 Mon Sep 17 00:00:00 2001
From: Benjamin Truninger <benjamin.truninger@dieboldnixdorf.com>
Date: Tue, 10 Feb 2026 16:21:39 +0100
Subject: [PATCH 1/2] Do not overwrite extra_id_token_claims if it is already
 set

---
 src/pyop/provider.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/pyop/provider.py b/src/pyop/provider.py
index 67f9c2d..0ff49fb 100644
--- a/src/pyop/provider.py
+++ b/src/pyop/provider.py
@@ -446,7 +446,9 @@ def _do_code_exchange(self, request,  # type: Dict[str, str]
         if refresh_token is not None:
             response['refresh_token'] = refresh_token
 
-        extra_id_token_claims = {}
+        if extra_id_token_claims is None:
+            extra_id_token_claims = {}
+
         if self.stateless:
             extra_id_token_claims_in_code = self.authz_state.get_extra_id_token_claims_for_code(token_request['code'])
             extra_id_token_claims.update(extra_id_token_claims_in_code)

From 0bd404b46fbd6a35dee63ca0fac303a61f40c3e5 Mon Sep 17 00:00:00 2001
From: Zoopa <zoopajr@gmail.com>
Date: Wed, 11 Feb 2026 08:55:38 +0100
Subject: [PATCH 2/2] Update src/pyop/provider.py

Improve initialisation of extra_id_token_claims

Co-authored-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
---
 src/pyop/provider.py | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/src/pyop/provider.py b/src/pyop/provider.py
index 0ff49fb..5d01f73 100644
--- a/src/pyop/provider.py
+++ b/src/pyop/provider.py
@@ -446,8 +446,7 @@ def _do_code_exchange(self, request,  # type: Dict[str, str]
         if refresh_token is not None:
             response['refresh_token'] = refresh_token
 
-        if extra_id_token_claims is None:
-            extra_id_token_claims = {}
+        extra_id_token_claims = extra_id_token_claims or {}
 
         if self.stateless:
             extra_id_token_claims_in_code = self.authz_state.get_extra_id_token_claims_for_code(token_request['code'])