mirror of
https://github.com/steveiliop56/tinyauth.git
synced 2026-04-28 08:28:12 +00:00
Scott McKendry
5d95123dcb
* feat(oidc): support for all in-spec attributes and scopes * add tests * assert phone/email verified when either is set * update tests * add claims back to userinfo * remove redundant column drop in migration * fix duplicate migration id * fix clobbered imports post-rebase
90 lines
3.8 KiB
Go
90 lines
3.8 KiB
Go
package controller
|
|
|
|
import (
|
|
"fmt"
|
|
"net/http"
|
|
|
|
"github.com/gin-gonic/gin"
|
|
"github.com/tinyauthapp/tinyauth/internal/service"
|
|
)
|
|
|
|
type OpenIDConnectConfiguration struct {
|
|
Issuer string `json:"issuer"`
|
|
AuthorizationEndpoint string `json:"authorization_endpoint"`
|
|
TokenEndpoint string `json:"token_endpoint"`
|
|
UserinfoEndpoint string `json:"userinfo_endpoint"`
|
|
JwksUri string `json:"jwks_uri"`
|
|
ScopesSupported []string `json:"scopes_supported"`
|
|
ResponseTypesSupported []string `json:"response_types_supported"`
|
|
GrantTypesSupported []string `json:"grant_types_supported"`
|
|
SubjectTypesSupported []string `json:"subject_types_supported"`
|
|
IDTokenSigningAlgValuesSupported []string `json:"id_token_signing_alg_values_supported"`
|
|
TokenEndpointAuthMethodsSupported []string `json:"token_endpoint_auth_methods_supported"`
|
|
ClaimsSupported []string `json:"claims_supported"`
|
|
ServiceDocumentation string `json:"service_documentation"`
|
|
RequestParameterSupported bool `json:"request_parameter_supported"`
|
|
RequestObjectSigningAlgValuesSupported []string `json:"request_object_signing_alg_values_supported"`
|
|
}
|
|
|
|
type WellKnownControllerConfig struct{}
|
|
|
|
type WellKnownController struct {
|
|
config WellKnownControllerConfig
|
|
engine *gin.Engine
|
|
oidc *service.OIDCService
|
|
}
|
|
|
|
func NewWellKnownController(config WellKnownControllerConfig, oidc *service.OIDCService, engine *gin.Engine) *WellKnownController {
|
|
return &WellKnownController{
|
|
config: config,
|
|
oidc: oidc,
|
|
engine: engine,
|
|
}
|
|
}
|
|
|
|
func (controller *WellKnownController) SetupRoutes() {
|
|
controller.engine.GET("/.well-known/openid-configuration", controller.OpenIDConnectConfiguration)
|
|
controller.engine.GET("/.well-known/jwks.json", controller.JWKS)
|
|
}
|
|
|
|
func (controller *WellKnownController) OpenIDConnectConfiguration(c *gin.Context) {
|
|
issuer := controller.oidc.GetIssuer()
|
|
c.JSON(200, OpenIDConnectConfiguration{
|
|
Issuer: issuer,
|
|
AuthorizationEndpoint: fmt.Sprintf("%s/authorize", issuer),
|
|
TokenEndpoint: fmt.Sprintf("%s/api/oidc/token", issuer),
|
|
UserinfoEndpoint: fmt.Sprintf("%s/api/oidc/userinfo", issuer),
|
|
JwksUri: fmt.Sprintf("%s/.well-known/jwks.json", issuer),
|
|
ScopesSupported: service.SupportedScopes,
|
|
ResponseTypesSupported: service.SupportedResponseTypes,
|
|
GrantTypesSupported: service.SupportedGrantTypes,
|
|
SubjectTypesSupported: []string{"pairwise"},
|
|
IDTokenSigningAlgValuesSupported: []string{"RS256"},
|
|
TokenEndpointAuthMethodsSupported: []string{"client_secret_basic", "client_secret_post"},
|
|
ClaimsSupported: []string{"sub", "updated_at", "name", "preferred_username", "email", "email_verified", "groups", "phone_number", "phone_number_verified", "address", "given_name", "family_name", "middle_name", "nickname", "profile", "picture", "website", "gender", "birthdate", "zoneinfo", "locale"},
|
|
ServiceDocumentation: "https://tinyauth.app/docs/guides/oidc",
|
|
RequestParameterSupported: true,
|
|
RequestObjectSigningAlgValuesSupported: []string{"none"},
|
|
})
|
|
}
|
|
|
|
func (controller *WellKnownController) JWKS(c *gin.Context) {
|
|
jwks, err := controller.oidc.GetJWK()
|
|
|
|
if err != nil {
|
|
c.JSON(500, gin.H{
|
|
"status": "500",
|
|
"message": "failed to get JWK",
|
|
})
|
|
return
|
|
}
|
|
|
|
c.Header("content-type", "application/json")
|
|
|
|
c.Writer.WriteString(`{"keys":[`)
|
|
c.Writer.Write(jwks)
|
|
c.Writer.WriteString(`]}`)
|
|
|
|
c.Status(http.StatusOK)
|
|
}
|