Commit e6b7ade

mo khan <mo@mokhan.ca>
2025-03-18 20:32:45
refactor: use oauth server metadata to configure endpoints
1 parent 53a7bd1
Changed files (1)
bin
bin/ui
@@ -50,8 +50,16 @@ module OAuth
       }))
     end
 
-    def authorize_uri
-      "http://#{$idp_host}/oauth/authorize?client_id=#{client_id}&state=example&redirect_uri=#{$scheme}://#{$host}/oauth/callback&response_type=code&response_mode=query&scope=openid"
+    def [](key)
+      server_metadata.fetch(key)
+    end
+
+    def redirect_uri
+      "#{$scheme}://#{$host}/oauth/callback"
+    end
+
+    def authorize_uri(state: SecureRandom.uuid, response_mode: "query", scope: "openid")
+      "#{self[:authorization_endpoint]}?client_id=#{client_id}&state=#{state}&redirect_uri=#{redirect_uri}&response_type=code&response_mode=#{response_mode}&scope=#{scope}"
     end
 
     def with_http
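Review bot: The default `state: SecureRandom.uuid` in `authorize_uri` is generated inside the call and only embedded in the returned string, so a caller that relies on the default has no value to store and compare when the callback arrives. The callback handler is not in this hunk, so that comparison needs checking there. Making it a required keyword, `def authorize_uri(state:, response_mode: "query", scope: "openid")`, forces the caller to generate the value and keep it in the session. Separately, `redirect_uri`, `scope` and `state` are interpolated without encoding, so a multi-value scope or a redirect URI with its own query string yields a malformed request. Building the query with `URI.encode_www_form(client_id: client_id, state: state, redirect_uri: redirect_uri, response_type: "code", response_mode: response_mode, scope: scope)` avoids that.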
@@ -60,9 +68,17 @@ module OAuth
       end
     end
 
+    def server_metadata
+      @server_metadata ||=
+        with_http do |client|
+          response = client.get("http://#{$idp_host}/.well-known/openid-configuration")
+          JSON.parse(response.body, symbolize_names: true)
+        end
+    end
+
     def exchange(grant_type:, code:)
       with_http do |client|
-        client.post("http://#{$idp_host}/oauth/token", body: {
+        client.post(self[:token_endpoint], body: {
           grant_type: grant_type,
           code: code,
           code_verifier: "not_implemented"
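Review bot: `server_metadata` caches and trusts whatever the discovery request returns: the response status is not checked, the document's `issuer` is not compared with the configured provider, and the fetch goes over plain `http://`, so `exchange` will post the authorization code to whatever `token_endpoint` that response names. Before memoizing, I would reject non-success responses and verify the issuer, e.g. `raise "unexpected issuer" unless metadata[:issuer] == expected_issuer`, with `expected_issuer` derived from `$idp_host` (the exact issuer format is not visible here). An error body that happens to parse as JSON is also cached for the life of the object, after which `self[:token_endpoint]` fails with a `KeyError` on every call. The body of `exchange` continues past the end of this hunk.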