Unable to customize sent claims. 

Hello!

In [ClientSecretJWT.php](https://github.com/facile-it/php-openid-client/blob/master/src/AuthMethod/ClientSecretJwt.php#L81), the users claims are merged with the new claims.

```php
array_merge(
            $claims,
            [
                'iss' => $clientId,
                'sub' => $clientId,
                'aud' => $issuerMetadata->getIssuer(),
                'iat' => $time,
                'exp' => $time + 60,
                'jti' => $jti,
            ]
        )
```

The fact that it is in this particular order, makes it impossible to customize the claims in `IntrospectionService` (_and probably in some other places as well_).

I could provide a PR where `$claims` is after instead of being before?
Do you think it make sense?

Something like that:

```php
array_merge(
            [
                'iss' => $clientId,
                'sub' => $clientId,
                'aud' => $issuerMetadata->getIssuer(),
                'iat' => $time,
                'exp' => $time + 60,
                'jti' => $jti,
            ],
            $claims
        )
```

or 

```php
[
            $claims +
            [
                'iss' => $clientId,
                'sub' => $clientId,
                'aud' => $issuerMetadata->getIssuer(),
                'iat' => $time,
                'exp' => $time + 60,
                'jti' => $jti,
            ],
]
```

Thanks!

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Unable to customize sent claims. #6

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Unable to customize sent claims. #6

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions