Commit f6f82b7

mo khan <mo@mokhan.ca>
2025-02-28 21:49:49
Add openid/oauth endpoints
1 parent ad97794
Changed files (1)
bin/idp
@@ -70,12 +70,90 @@ class IdentityProvider
 
   # GET /.well-known/oauth-authorization-server
   def oauth_metadata
-    [200, { 'Content-Type' => "application/json" }, ["{}"]]
+    [200, { 'Content-Type' => "application/json" }, [JSON.pretty_generate({
+      issuer: "http://localhost:8282/.well-known/oauth-authorization-server",
+      authorization_endpoint: "http://localhost:8282/oauth/authorize",
+      token_endpoint: "http://localhost:8282/oauth/token",
+      jwks_uri: "", # RFC-7517
+      registration_endpoint: "", # RFC-7591
+      scopes_supported: ["openid", "profile", "email"],
+      response_types_supported: ["code", "code id_token", "id_token", "token id_token"],
+      response_modes_supported: ["query", "fragment", "form_post"],
+      grant_types_supported: ["authorization_code", "implicit"], # RFC-7591
+      token_endpoint_auth_methods_supported: ["client_secret_basic"], # RFC-7591
+      token_endpoint_auth_signing_alg_values_supported: ["RS256"],
+      service_documentation: "",
+      ui_locales_supported: ["en-US"],
+      op_policy_uri: "",
+      op_tos_uri: "",
+      revocation_endpoint: "http://localhost:8282/oauth/revoke", # RFC-7009
+      revocation_endpoint_auth_methods_supported: ["client_secret_basic"],
+      revocation_endpoint_auth_signing_alg_values_supported: ["RS256"],
+      introspection_endpoint: "http://localhost:8282/oauth/introspect", # RFC-7662
+      introspection_endpoint_auth_methods_supported: ["client_secret_basic"],
+      introspection_endpoint_auth_signing_alg_values_supported: ["RS256"],
+      code_challenge_methods_supported: [], # RFC-7636
+    })]]
   end
 
   # GET /.well-known/openid-configuration
   def openid_metadata
-    [200, { 'Content-Type' => "application/json" }, ["{}"]]
+    [200, { 'Content-Type' => "application/json" }, [JSON.pretty_generate({
+      issuer: "http://localhost:8282/.well-known/oauth-authorization-server",
+      authorization_endpoint: "http://localhost:8282/oauth/authorize",
+      token_endpoint: "http://localhost:8282/oauth/token",
+      # token_endpoint_auth_methods_supported: [],
+      # token_endpoint_auth_signing_alg_values_supported: [],
+      userinfo_endpoint: "http://localhost:8282/oidc/user/",
+      # check_session_iframe: nil,
+      # end_session_endpoint: nil,
+      jwks_uri: "", # RFC-7517
+      registration_endpoint: nil,
+      scopes_supported: ["openid", "profile", "email"],
+      response_types_supported: ["code", "code id_token", "id_token", "token id_token"],
+      response_modes_supported: ["query", "fragment", "form_post"],
+      grant_types_supported: ["authorization_code", "implicit"], # RFC-7591
+      acr_values_supported: [],
+      subject_types_supported: ["pairwise", "public"],
+      id_token_signing_alg_values_supported: ["RS256"],
+      id_token_encryption_alg_values_supported: [],
+      id_token_encryption_enc_values_supported: [],
+      userinfo_signing_alg_values_supported: ["RS256"],
+      userinfo_encryption_alg_values_supported: [],
+      userinfo_encryption_enc_values_supported: [],
+      request_object_signing_alg_values_supported: ["none", "RS256"],
+      request_object_encryption_alg_values_supported: [],
+      request_object_encryption_enc_values_supported: [],
+      token_endpoint_auth_methods_supported: ["client_secret_post", "client_secret_basic", "client_secret_jwt", "private_key_jwt"],
+      token_endpoint_auth_signing_alg_values_supported: [],
+      display_values_supported: [],
+      claim_types_supported: ["normal", "aggregated", "distributed"],
+      claims_supported: [
+        "acr",
+        "auth_time",
+        "email",
+        "email_verified",
+        "family_name",
+        "given_name",
+        "iss",
+        "locale",
+        "name",
+        "nickname",
+        "picture",
+        "profile",
+        "sub",
+        "website"
+      ],
+      service_documentation: nil,
+      claims_locales_supported: [],
+      ui_locales_supported: ["en-US"],
+      claims_parameter_supported: false,
+      request_parameter_supported: false,
+      request_uri_paramater_supported: false,
+      require_request_uri_registration: false,
+      op_policy_uri: "",
+      op_tos_uri: "",
+    })]]
   end
 
   # auth service
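Review bot: The `issuer` value in both metadata documents (L16 and L45) is the discovery URL itself, `http://localhost:8282/.well-known/oauth-authorization-server`, whereas OIDC Discovery and RFC 8414 define the issuer as the identifier the well-known path is appended to, so relying parties that validate `iss` in an ID token or derive the discovery location from the issuer will reject this provider; it should read `issuer: "http://localhost:8282",` in both methods. The key at L95 is misspelled, `request_uri_paramater_supported`, and must be `request_uri_parameter_supported: false,` for clients to see it. Two advertised capabilities deserve a deliberate decision rather than a placeholder: `code_challenge_methods_supported: []` (L37) tells public clients PKCE is unavailable, and `"none"` in `request_object_signing_alg_values_supported` (L67) invites unsigned request objects, so either drop `"none"` or add a comment stating why an unsigned request object is acceptable here. The hard-coded `localhost:8282` origin repeats in every URL; a single `BASE_URL` constant (or a value derived from the listening address) would keep the two documents consistent as endpoints are filled in.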
@@ -88,10 +166,14 @@ class IdentityProvider
         return openid_metadata
       when '/.well-known/oauth-authorization-server'
         return oauth_metadata
+      when '/.well-known/webfinger' # RFC-7033
+        return not_found
       when "/metadata.xml"
         return metadata
       when "/sessions/new"
         return post_back(Rack::Request.new(env))
+      when "oauth/authorize" # RFC-6749
+        return not_found
       else
         return not_found
       end
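Review bot: The new `when "oauth/authorize"` arm (L113) can never match, because the sibling arms compare `path` against absolute paths such as `"/metadata.xml"` and `"/sessions/new"` and the metadata advertises `http://localhost:8282/oauth/authorize`; it should be `when "/oauth/authorize" # RFC-6749`. The same missing leading slash appears in the next hunk at `"oauth/token"` (L122) and `"oauth/revoke"` (L124). Today the mismatch is masked because every arm returns `not_found`, but the arms will silently stay dead once real handlers replace them. The enclosing dispatch method starts outside this hunk.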
@@ -99,6 +181,10 @@ class IdentityProvider
       case path
       when "/sessions/new"
         return post_back(Rack::Request.new(env))
+      when "oauth/token" # RFC-6749
+        return not_found
+      when "oauth/revoke" # RFC-7009
+        return not_found
       else
         return not_found
       end