mirror of
https://github.com/steveiliop56/tinyauth.git
synced 2026-02-22 17:02:01 +00:00
671343f677
* chore: add oidc base config * wip: authorize page * feat: implement basic oidc functionality * refactor: implement oidc following tinyauth patterns * feat: adapt frontend to oidc flow * fix: review comments * fix: oidc review comments * feat: refresh token grant type support * feat: cleanup expired oidc sessions * feat: frontend i18n * fix: fix typo in error screen * tests: add basic testing * fix: more review comments * refactor: rework oidc error messages * feat: openid discovery endpoint * feat: jwk endpoint * i18n: fix typo * fix: more rabbit nitpicks * fix: final review comments * i18n: authorize page error messages
86 lines
3.2 KiB
Go
86 lines
3.2 KiB
Go
package controller
|
|
|
|
import (
|
|
"fmt"
|
|
"net/http"
|
|
|
|
"github.com/gin-gonic/gin"
|
|
"github.com/steveiliop56/tinyauth/internal/service"
|
|
)
|
|
|
|
type OpenIDConnectConfiguration struct {
|
|
Issuer string `json:"issuer"`
|
|
AuthorizationEndpoint string `json:"authorization_endpoint"`
|
|
TokenEndpoint string `json:"token_endpoint"`
|
|
UserinfoEndpoint string `json:"userinfo_endpoint"`
|
|
JwksUri string `json:"jwks_uri"`
|
|
ScopesSupported []string `json:"scopes_supported"`
|
|
ResponseTypesSupported []string `json:"response_types_supported"`
|
|
GrantTypesSupported []string `json:"grant_types_supported"`
|
|
SubjectTypesSupported []string `json:"subject_types_supported"`
|
|
IDTokenSigningAlgValuesSupported []string `json:"id_token_signing_alg_values_supported"`
|
|
TokenEndpointAuthMethodsSupported []string `json:"token_endpoint_auth_methods_supported"`
|
|
ClaimsSupported []string `json:"claims_supported"`
|
|
ServiceDocumentation string `json:"service_documentation"`
|
|
}
|
|
|
|
type WellKnownControllerConfig struct{}
|
|
|
|
type WellKnownController struct {
|
|
config WellKnownControllerConfig
|
|
engine *gin.Engine
|
|
oidc *service.OIDCService
|
|
}
|
|
|
|
func NewWellKnownController(config WellKnownControllerConfig, oidc *service.OIDCService, engine *gin.Engine) *WellKnownController {
|
|
return &WellKnownController{
|
|
config: config,
|
|
oidc: oidc,
|
|
engine: engine,
|
|
}
|
|
}
|
|
|
|
func (controller *WellKnownController) SetupRoutes() {
|
|
controller.engine.GET("/.well-known/openid-configuration", controller.OpenIDConnectConfiguration)
|
|
controller.engine.GET("/.well-known/jwks.json", controller.JWKS)
|
|
}
|
|
|
|
func (controller *WellKnownController) OpenIDConnectConfiguration(c *gin.Context) {
|
|
issuer := controller.oidc.GetIssuer()
|
|
c.JSON(200, OpenIDConnectConfiguration{
|
|
Issuer: issuer,
|
|
AuthorizationEndpoint: fmt.Sprintf("%s/authorize", issuer),
|
|
TokenEndpoint: fmt.Sprintf("%s/api/oidc/token", issuer),
|
|
UserinfoEndpoint: fmt.Sprintf("%s/api/oidc/userinfo", issuer),
|
|
JwksUri: fmt.Sprintf("%s/.well-known/jwks.json", issuer),
|
|
ScopesSupported: service.SupportedScopes,
|
|
ResponseTypesSupported: service.SupportedResponseTypes,
|
|
GrantTypesSupported: service.SupportedGrantTypes,
|
|
SubjectTypesSupported: []string{"pairwise"},
|
|
IDTokenSigningAlgValuesSupported: []string{"RS256"},
|
|
TokenEndpointAuthMethodsSupported: []string{"client_secret_basic"},
|
|
ClaimsSupported: []string{"sub", "updated_at", "name", "preferred_username", "email", "groups"},
|
|
ServiceDocumentation: "https://tinyauth.app/docs/reference/openid",
|
|
})
|
|
}
|
|
|
|
func (controller *WellKnownController) JWKS(c *gin.Context) {
|
|
jwks, err := controller.oidc.GetJWK()
|
|
|
|
if err != nil {
|
|
c.JSON(500, gin.H{
|
|
"status": "500",
|
|
"message": "failed to get JWK",
|
|
})
|
|
return
|
|
}
|
|
|
|
c.Header("content-type", "application/json")
|
|
|
|
c.Writer.WriteString(`{"keys":[`)
|
|
c.Writer.Write(jwks)
|
|
c.Writer.WriteString(`]}`)
|
|
|
|
c.Status(http.StatusOK)
|
|
}
|