barbercollie/tinyauth
1
0
Fork 1
mirror of https://github.com/steveiliop56/tinyauth.git synced 2026-03-06 06:42:00 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: openid discovery endpoint

Browse Source
This commit is contained in:
Stavros
2026-01-26 19:50:15 +02:00
parent 328064946b
commit a8f57e584e
5 changed files with 79 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
Makefile
View File

@@ -61,11 +61,11 @@ test:
# Development # Development
develop: develop:
docker compose -f $(DEV_COMPOSE) up --force-recreate --pull=always --remove-orphans docker compose -f $(DEV_COMPOSE) up --force-recreate --pull=always --remove-orphans --build
# Development - Infisical # Development - Infisical
develop-infisical: develop-infisical:
infisical run --env=dev -- docker compose -f $(DEV_COMPOSE) up --force-recreate --pull=always --remove-orphans infisical run --env=dev -- docker compose -f $(DEV_COMPOSE) up --force-recreate --pull=always --remove-orphans --build
# Production # Production
prod: prod:

5
frontend/vite.config.ts
View File

@@ -24,6 +24,11 @@ export default defineConfig({
changeOrigin: true, changeOrigin: true,
rewrite: (path) => path.replace(/^\/resources/, ""), rewrite: (path) => path.replace(/^\/resources/, ""),
}, },
"/.well-known": {
target: "http://tinyauth-backend:3000/.well-known",
changeOrigin: true,
rewrite: (path) => path.replace(/^\/.well-known/, ""),
},
}, },
allowedHosts: true, allowedHosts: true,
}, },

6
internal/bootstrap/router_bootstrap.go
View File

@@ -113,5 +113,11 @@ func (app *BootstrapApp) setupRouter() (*gin.Engine, error) {
healthController.SetupRoutes() healthController.SetupRoutes()
wellknownController := controller.NewWellKnownController(controller.WellKnownControllerConfig{
OpenIDConnectIssuer: app.services.oidcService.GetIssuer(),
}, engine)
wellknownController.SetupRoutes()
return engine, nil return engine, nil
} }

62
internal/controller/well_known_controller.go Normal file
View File

@@ -0,0 +1,62 @@
package controller
import (
"fmt"
"github.com/gin-gonic/gin"
"github.com/steveiliop56/tinyauth/internal/service"
)
type OpenIDConnectConfiguration struct {
Issuer string `json:"issuer"`
AuthorizationEndpoint string `json:"authorization_endpoint"`
TokenEndpoint string `json:"token_endpoint"`
UserinfoEndpoint string `json:"userinfo_endpoint"`
JwksUri string `json:"jwks_uri"`
ScopesSupported []string `json:"scopes_supported"`
ResponseTypesSupported []string `json:"response_types_supported"`
GrantTypesSupported []string `json:"grant_types_supported"`
SubjectTypesSupported []string `json:"subject_types_supported"`
IDTokenSigningAlgValuesSupported []string `json:"id_token_signing_alg_values_supported"`
TokenEndpointAuthMethodsSupported []string `json:"token_endpoint_auth_methods_supported"`
ClaimsSupported []string `json:"claims_supported"`
ServiceDocumentation string `json:"service_documentation"`
}
type WellKnownControllerConfig struct {
OpenIDConnectIssuer string
}
type WellKnownController struct {
config WellKnownControllerConfig
engine *gin.Engine
}
func NewWellKnownController(config WellKnownControllerConfig, engine *gin.Engine) *WellKnownController {
return &WellKnownController{
config: config,
engine: engine,
}
}
func (controller *WellKnownController) SetupRoutes() {
controller.engine.GET("/.well-known/openid-configuration", controller.OpenIDConnectConfiguration)
}
func (controller *WellKnownController) OpenIDConnectConfiguration(c *gin.Context) {
c.JSON(200, OpenIDConnectConfiguration{
Issuer: controller.config.OpenIDConnectIssuer,
AuthorizationEndpoint: fmt.Sprintf("%s/authorize", controller.config.OpenIDConnectIssuer),
TokenEndpoint: fmt.Sprintf("%s/api/oidc/token", controller.config.OpenIDConnectIssuer),
UserinfoEndpoint: fmt.Sprintf("%s/api/oidc/userinfo", controller.config.OpenIDConnectIssuer),
JwksUri: fmt.Sprintf("%s/api/oidc/jwks", controller.config.OpenIDConnectIssuer),
ScopesSupported: service.SupportedScopes,
ResponseTypesSupported: service.SupportedResponseTypes,
GrantTypesSupported: service.SupportedGrantTypes,
SubjectTypesSupported: []string{"pairwise"},
IDTokenSigningAlgValuesSupported: []string{"RS256"},
TokenEndpointAuthMethodsSupported: []string{"client_secret_basic"},
ClaimsSupported: []string{"sub", "updated_at", "name", "preferred_username", "email", "groups"},
ServiceDocumentation: "https://tinyauth.app/docs/reference/openid",
})
}

8
internal/middleware/ui_middleware.go
View File

@@ -9,6 +9,7 @@ import (
"time" "time"
"github.com/steveiliop56/tinyauth/internal/assets" "github.com/steveiliop56/tinyauth/internal/assets"
"github.com/steveiliop56/tinyauth/internal/utils/tlog"
"github.com/gin-gonic/gin" "github.com/gin-gonic/gin"
) )
@@ -39,11 +40,10 @@ func (m *UIMiddleware) Middleware() gin.HandlerFunc {
return func(c *gin.Context) { return func(c *gin.Context) {
path := strings.TrimPrefix(c.Request.URL.Path, "/") path := strings.TrimPrefix(c.Request.URL.Path, "/")
tlog.App.Debug().Str("path", path).Msg("path")
switch strings.SplitN(path, "/", 2)[0] { switch strings.SplitN(path, "/", 2)[0] {
case "api": case "api", "resources", ".well-known":
c.Next()
return
case "resources":
c.Next() c.Next()
return return
default: default: