feat: openid discovery endpoint

internal/bootstrap/router_bootstrap.go

@@ -113,5 +113,11 @@ func (app *BootstrapApp) setupRouter() (*gin.Engine, error) {
 
 	healthController.SetupRoutes()
 
+	wellknownController := controller.NewWellKnownController(controller.WellKnownControllerConfig{
+		OpenIDConnectIssuer: app.services.oidcService.GetIssuer(),
+	}, engine)
+
+	wellknownController.SetupRoutes()
+
 	return engine, nil
 }

internal/controller/well_known_controller.go

@@ -0,0 +1,62 @@
+package controller
+
+import (
+	"fmt"
+
+	"github.com/gin-gonic/gin"
+	"github.com/steveiliop56/tinyauth/internal/service"
+)
+
+type OpenIDConnectConfiguration struct {
+	Issuer                            string   `json:"issuer"`
+	AuthorizationEndpoint             string   `json:"authorization_endpoint"`
+	TokenEndpoint                     string   `json:"token_endpoint"`
+	UserinfoEndpoint                  string   `json:"userinfo_endpoint"`
+	JwksUri                           string   `json:"jwks_uri"`
+	ScopesSupported                   []string `json:"scopes_supported"`
+	ResponseTypesSupported            []string `json:"response_types_supported"`
+	GrantTypesSupported               []string `json:"grant_types_supported"`
+	SubjectTypesSupported             []string `json:"subject_types_supported"`
+	IDTokenSigningAlgValuesSupported  []string `json:"id_token_signing_alg_values_supported"`
+	TokenEndpointAuthMethodsSupported []string `json:"token_endpoint_auth_methods_supported"`
+	ClaimsSupported                   []string `json:"claims_supported"`
+	ServiceDocumentation              string   `json:"service_documentation"`
+}
+
+type WellKnownControllerConfig struct {
+	OpenIDConnectIssuer string
+}
+
+type WellKnownController struct {
+	config WellKnownControllerConfig
+	engine *gin.Engine
+}
+
+func NewWellKnownController(config WellKnownControllerConfig, engine *gin.Engine) *WellKnownController {
+	return &WellKnownController{
+		config: config,
+		engine: engine,
+	}
+}
+
+func (controller *WellKnownController) SetupRoutes() {
+	controller.engine.GET("/.well-known/openid-configuration", controller.OpenIDConnectConfiguration)
+}
+
+func (controller *WellKnownController) OpenIDConnectConfiguration(c *gin.Context) {
+	c.JSON(200, OpenIDConnectConfiguration{
+		Issuer:                            controller.config.OpenIDConnectIssuer,
+		AuthorizationEndpoint:             fmt.Sprintf("%s/authorize", controller.config.OpenIDConnectIssuer),
+		TokenEndpoint:                     fmt.Sprintf("%s/api/oidc/token", controller.config.OpenIDConnectIssuer),
+		UserinfoEndpoint:                  fmt.Sprintf("%s/api/oidc/userinfo", controller.config.OpenIDConnectIssuer),
+		JwksUri:                           fmt.Sprintf("%s/api/oidc/jwks", controller.config.OpenIDConnectIssuer),
+		ScopesSupported:                   service.SupportedScopes,
+		ResponseTypesSupported:            service.SupportedResponseTypes,
+		GrantTypesSupported:               service.SupportedGrantTypes,
+		SubjectTypesSupported:             []string{"pairwise"},
+		IDTokenSigningAlgValuesSupported:  []string{"RS256"},
+		TokenEndpointAuthMethodsSupported: []string{"client_secret_basic"},
+		ClaimsSupported:                   []string{"sub", "updated_at", "name", "preferred_username", "email", "groups"},
+		ServiceDocumentation:              "https://tinyauth.app/docs/reference/openid",
+	})
+}

internal/middleware/ui_middleware.go

@@ -9,6 +9,7 @@ import (
 	"time"
 
 	"github.com/steveiliop56/tinyauth/internal/assets"
+	"github.com/steveiliop56/tinyauth/internal/utils/tlog"
 
 	"github.com/gin-gonic/gin"
 )
@@ -39,11 +40,10 @@ func (m *UIMiddleware) Middleware() gin.HandlerFunc {
 	return func(c *gin.Context) {
 		path := strings.TrimPrefix(c.Request.URL.Path, "/")
 
+		tlog.App.Debug().Str("path", path).Msg("path")
+
 		switch strings.SplitN(path, "/", 2)[0] {
-		case "api":
-			c.Next()
-			return
-		case "resources":
+		case "api", "resources", ".well-known":
 			c.Next()
 			return
 		default: