Commit 57102418 authored by Eric Chiang's avatar Eric Chiang

*: set response types supported in discovery based on server config

parent 6564c15d
...@@ -92,6 +92,8 @@ func serve(cmd *cobra.Command, args []string) error { ...@@ -92,6 +92,8 @@ func serve(cmd *cobra.Command, args []string) error {
Issuer: c.Issuer, Issuer: c.Issuer,
Connectors: connectors, Connectors: connectors,
Storage: s, Storage: s,
SupportedResponseTypes: c.OAuth2.ResponseTypes,
} }
serv, err := server.New(serverConfig) serv, err := server.New(serverConfig)
......
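Review bot: `c.OAuth2.ResponseTypes` is copied into `serverConfig` without any check, so an unset or empty value would make the server advertise no response types in discovery, whereas the handler this commit replaces always listed `code`. Unless `server.New` applies a default or rejects an empty list (not visible in this hunk), consider handling it here, e.g. `if len(c.OAuth2.ResponseTypes) == 0 { return fmt.Errorf("no OAuth2 response types configured") }` before `serverConfig` is built, or defaulting it to `[]string{"code"}` if that is the intended backward-compatible behaviour. The enclosing `serve` function starts and ends outside the hunk.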
...@@ -8,6 +8,7 @@ import ( ...@@ -8,6 +8,7 @@ import (
"net/http" "net/http"
"net/url" "net/url"
"path" "path"
"sort"
"strconv" "strconv"
"strings" "strings"
"time" "time"
...@@ -72,32 +73,37 @@ type discovery struct { ...@@ -72,32 +73,37 @@ type discovery struct {
Claims []string `json:"claims_supported"` Claims []string `json:"claims_supported"`
} }
func (s *Server) handleDiscovery(w http.ResponseWriter, r *http.Request) { func (s *Server) discoveryHandler() (http.HandlerFunc, error) {
// TODO(ericchiang): Cache this
d := discovery{ d := discovery{
Issuer: s.issuerURL.String(), Issuer: s.issuerURL.String(),
Auth: s.absURL("/auth"), Auth: s.absURL("/auth"),
Token: s.absURL("/token"), Token: s.absURL("/token"),
Keys: s.absURL("/keys"), Keys: s.absURL("/keys"),
ResponseTypes: []string{"code"}, Subjects: []string{"public"},
Subjects: []string{"public"}, IDTokenAlgs: []string{string(jose.RS256)},
IDTokenAlgs: []string{string(jose.RS256)}, Scopes: []string{"openid", "email", "profile", "offline_access"},
Scopes: []string{"openid", "email", "profile", "offline_access"}, AuthMethods: []string{"client_secret_basic"},
AuthMethods: []string{"client_secret_basic"},
Claims: []string{ Claims: []string{
"aud", "email", "email_verified", "exp", "aud", "email", "email_verified", "exp",
"iat", "iss", "locale", "name", "sub", "iat", "iss", "locale", "name", "sub",
}, },
} }
for responseType := range s.supportedResponseTypes {
d.ResponseTypes = append(d.ResponseTypes, responseType)
}
sort.Strings(d.ResponseTypes)
data, err := json.MarshalIndent(d, "", " ") data, err := json.MarshalIndent(d, "", " ")
if err != nil { if err != nil {
log.Printf("failed to marshal discovery data: %v", err) return nil, fmt.Errorf("failed to marshal discovery data: %v", err)
http.Error(w, "Internal server error", http.StatusInternalServerError)
return
} }
w.Header().Set("Content-Type", "application/json")
w.Header().Set("Content-Length", strconv.Itoa(len(data))) return func(w http.ResponseWriter, r *http.Request) {
w.Write(data) w.Header().Set("Content-Type", "application/json")
w.Header().Set("Content-Length", strconv.Itoa(len(data)))
w.Write(data)
}, nil
} }
// handleAuthorization handles the OAuth2 auth endpoint. // handleAuthorization handles the OAuth2 auth endpoint.
......
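Review bot: When `s.supportedResponseTypes` is empty the `for responseType := range` loop never appends, `d.ResponseTypes` stays nil, and — assuming the field is tagged like `Claims` without `omitempty` (its tag is above the hunk) — the document is served with `"response_types_supported": null`, which OpenID Connect discovery requires to be a non-empty array; since `discoveryHandler` already returns an error at construction time, add `if len(s.supportedResponseTypes) == 0 { return nil, fmt.Errorf("no supported response types configured") }` before `d` is built so misconfiguration fails at startup rather than being advertised to clients. The new method also has no doc comment; suggest `// discoveryHandler marshals the OpenID Connect discovery document once, from the server's configured response types, and returns a handler that serves the cached bytes.` in place of the removed `TODO(ericchiang): Cache this`. The `fmt` package is used in the new error path but does not appear in the import hunk shown, so presumably it is imported above line 8 — worth confirming. The return value of `w.Write(data)` is still dropped in the returned closure, as it was before; that is pre-existing, but an `_ =` with a short comment would make the intent explicit.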
...@@ -136,8 +136,13 @@ func newServer(c Config, rotationStrategy rotationStrategy) (*Server, error) { ...@@ -136,8 +136,13 @@ func newServer(c Config, rotationStrategy rotationStrategy) (*Server, error) {
} }
r.NotFoundHandler = http.HandlerFunc(s.notFound) r.NotFoundHandler = http.HandlerFunc(s.notFound)
discoveryHandler, err := s.discoveryHandler()
if err != nil {
return nil, err
}
handleFunc("/.well-known/openid-configuration", discoveryHandler)
// TODO(ericchiang): rate limit certain paths based on IP. // TODO(ericchiang): rate limit certain paths based on IP.
handleFunc("/.well-known/openid-configuration", s.handleDiscovery)
handleFunc("/token", s.handleToken) handleFunc("/token", s.handleToken)
handleFunc("/keys", s.handlePublicKeys) handleFunc("/keys", s.handlePublicKeys)
handleFunc("/auth", s.handleAuthorization) handleFunc("/auth", s.handleAuthorization)
......
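Review bot: Because `s.discoveryHandler()` marshals the discovery document once at this point and the handler then serves the cached bytes, `s.supportedResponseTypes` must be fully populated before the call on the `discoveryHandler, err := s.discoveryHandler()` line; where that map is filled from the config is not visible in this hunk, so confirm it happens earlier in `newServer` rather than after the handlers are registered. The error is returned bare, which is fine given the message attached in `discoveryHandler`, but if other construction errors in `newServer` are wrapped with context, `return nil, fmt.Errorf("discovery handler: %v", err)` would keep the style consistent. The enclosing `newServer` function starts and ends outside the hunk.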