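module Doorkeeper
  module OpenidConnect
    # Serves the OpenID Connect discovery documents: the provider metadata
    # document, the WebFinger issuer lookup and the JSON Web Key Set (JWKS)
    # that relying parties use to verify ID token signatures.
    #
    # The responses are built from Doorkeeper configuration and route
    # helpers; the only request input that influences a response is the
    # WebFinger `resource` parameter, which is echoed back verbatim (see
    # #webfinger_response).
    class DiscoveryController < ::Doorkeeper::ApplicationController
      include ::Doorkeeper::Helpers::Controller

      # Link relation identifying the OpenID Provider issuer in WebFinger
      # responses.
      WEBFINGER_RELATION = 'http://openid.net/specs/connect/1.0/issuer'.freeze

      # Response modes advertised in the provider metadata.
      RESPONSE_MODES_SUPPORTED = %w[query fragment].freeze

      # Client authentication methods accepted at the token endpoint.
      # TODO: look into doorkeeper-jwt_assertion for 'client_secret_jwt'
      # and 'private_key_jwt'.
      TOKEN_ENDPOINT_AUTH_METHODS_SUPPORTED = %w[client_secret_basic client_secret_post].freeze

      # Claim types advertised. TODO: support 'aggregated' and 'distributed'.
      CLAIM_TYPES_SUPPORTED = %w[normal].freeze

      # Claims always listed in `claims_supported`, independent of the
      # configured custom claims.
      STANDARD_CLAIMS = %w[iss sub aud exp iat].freeze

      # Renders the provider metadata document.
      def provider
        render json: provider_response
      end

      # Renders the WebFinger issuer lookup.
      def webfinger
        render json: webfinger_response
      end

      # Renders the JWKS referenced by `jwks_uri` in the provider metadata.
      def keys
        render json: keys_response
      end

      private

      # Builds the provider metadata hash.
      #
      # Endpoint URLs are generated from the route helpers using the
      # configured #protocol (resolved once here) rather than the scheme of
      # the incoming request.
      #
      # @return [Hash] JSON-serialisable provider metadata
      def provider_response
        doorkeeper = ::Doorkeeper.configuration
        openid_connect = ::Doorkeeper::OpenidConnect.configuration
        scheme = protocol

        {
          issuer: openid_connect.issuer,
          authorization_endpoint: oauth_authorization_url(protocol: scheme),
          token_endpoint: oauth_token_url(protocol: scheme),
          revocation_endpoint: oauth_revoke_url(protocol: scheme),
          introspection_endpoint: oauth_introspect_url(protocol: scheme),
          userinfo_endpoint: oauth_userinfo_url(protocol: scheme),
          jwks_uri: oauth_discovery_keys_url(protocol: scheme),
          scopes_supported: doorkeeper.scopes,
          # TODO: support id_token response type
          response_types_supported: doorkeeper.authorization_response_types,
          response_modes_supported: RESPONSE_MODES_SUPPORTED,
          token_endpoint_auth_methods_supported: TOKEN_ENDPOINT_AUTH_METHODS_SUPPORTED,
          subject_types_supported: openid_connect.subject_types_supported,
          id_token_signing_alg_values_supported: [
            ::Doorkeeper::OpenidConnect.signing_algorithm
          ],
          claim_types_supported: CLAIM_TYPES_SUPPORTED,
          claims_supported: supported_claims(openid_connect)
        }
      end

      # Standard claims plus the configured custom claim names.
      #
      # Names are normalised to Strings before the union so that a custom
      # claim configured under a Symbol key (e.g. :sub) is deduplicated
      # against the standard list instead of appearing twice in the JSON
      # output. String keys are unaffected.
      #
      # @param openid_connect [Object] the OpenID Connect configuration
      # @return [Array<String>]
      def supported_claims(openid_connect)
        STANDARD_CLAIMS | openid_connect.claims.to_h.keys.map(&:to_s)
      end

      # Builds the WebFinger response for the `resource` query parameter.
      #
      # The resource is echoed back as `subject` and the issuer link is
      # returned for any resource; nothing here checks whether the resource
      # names an account this provider knows, so the endpoint reveals only
      # the issuer location and cannot be used to enumerate users.
      #
      # @return [Hash]
      # @raise [ActionController::ParameterMissing] when `resource` is absent
      def webfinger_response
        {
          subject: params.require(:resource),
          links: [
            {
              rel: WEBFINGER_RELATION,
              href: root_url(protocol: protocol)
            }
          ]
        }
      end

      # Builds the JWK Set published at `jwks_uri`.
      #
      # NOTE(review): relies on `signing_key_normalized` returning only the
      # public members of the signing key; confirm that no private key
      # parameters are included, since this response is world-readable.
      #
      # @return [Hash]
      def keys_response
        signing_key = ::Doorkeeper::OpenidConnect.signing_key_normalized

        {
          keys: [
            signing_key.merge(
              use: 'sig',
              alg: ::Doorkeeper::OpenidConnect.signing_algorithm
            )
          ]
        }
      end

      # URL scheme used for every advertised endpoint, taken from the
      # configured callable rather than from the request (presumably so the
      # metadata stays consistent with `issuer` behind TLS-terminating
      # proxies — confirm the configured value matches the issuer's scheme).
      #
      # @return [String]
      def protocol
        ::Doorkeeper::OpenidConnect.configuration.protocol.call
      end
    end
  end
end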