1 package handler
2
3 import (
4 "encoding/json"
5 "net/http"
6 )
7
// OIDCConfiguration is the JSON shape of the OpenID Connect discovery
// document served by (*Handler).OIDCDiscovery.
//
// No field carries omitempty, so every member is always emitted; a nil slice
// is encoded as JSON null rather than [].
type OIDCConfiguration struct {
	// Issuer is the issuer identifier published to relying parties.
	Issuer string `json:"issuer"`

	// Endpoint URLs published to relying parties.
	AuthorizationEndpoint string `json:"authorization_endpoint"`
	TokenEndpoint         string `json:"token_endpoint"`
	UserInfoEndpoint      string `json:"userinfo_endpoint"`

	// JwksURI is where relying parties are told to fetch the signing keys.
	JwksURI string `json:"jwks_uri"`

	// Capability lists advertised to relying parties.
	ResponseTypesSupported            []string `json:"response_types_supported"`
	SubjectTypesSupported             []string `json:"subject_types_supported"`
	IDTokenSigningAlgValuesSupported  []string `json:"id_token_signing_alg_values_supported"`
	ScopesSupported                   []string `json:"scopes_supported"`
	TokenEndpointAuthMethodsSupported []string `json:"token_endpoint_auth_methods_supported"`
	ClaimsSupported                   []string `json:"claims_supported"`
	GrantTypesSupported               []string `json:"grant_types_supported"`
}
22
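// OIDCDiscovery writes the OpenID Connect discovery document as JSON.
//
// Every URL in the document is derived from h.cfg.Server.BaseURL: the issuer
// is that value verbatim and each endpoint is the value with a fixed path
// appended. The advertised capabilities are hard-coded here: authorization
// code flow only, RS256 ID tokens, and client_secret_basic/client_secret_post
// at the token endpoint.
//
// The request itself is not inspected; r is unused.
func (h *Handler) OIDCDiscovery(w http.ResponseWriter, r *http.Request) {
	// NOTE(review): endpoints are built by plain concatenation, so a BaseURL
	// that ends in "/" yields paths such as "//authorize". Relying parties
	// compare the issuer string exactly, so BaseURL presumably has to equal
	// the iss value placed in issued tokens — confirm against the token code
	// before normalising it here.
	baseURL := h.cfg.Server.BaseURL

	// NOTE(review): the document has no code_challenge_methods_supported
	// member. If the authorization endpoint implements PKCE, advertising it
	// would let clients discover that — confirm against the authorize handler.
	config := OIDCConfiguration{
		Issuer:                            baseURL,
		AuthorizationEndpoint:             baseURL + "/authorize",
		TokenEndpoint:                     baseURL + "/token",
		UserInfoEndpoint:                  baseURL + "/userinfo",
		JwksURI:                           baseURL + "/.well-known/jwks.json",
		ResponseTypesSupported:            []string{"code"},
		SubjectTypesSupported:             []string{"public"},
		IDTokenSigningAlgValuesSupported:  []string{"RS256"},
		ScopesSupported:                   []string{"openid", "profile", "email"},
		TokenEndpointAuthMethodsSupported: []string{"client_secret_basic", "client_secret_post"},
		ClaimsSupported: []string{
			"sub",
			"iss",
			"aud",
			"exp",
			"iat",
			"name",
			"preferred_username",
			"email",
		},
		GrantTypesSupported: []string{"authorization_code"},
	}

	// Encode before touching the response so that a failure can still be
	// reported with a 500 instead of a truncated 200 body.
	body, err := json.Marshal(config)
	if err != nil {
		http.Error(w, "internal server error", http.StatusInternalServerError)
		return
	}

	w.Header().Set("Content-Type", "application/json")
	// The trailing newline keeps the body identical to json.Encoder output.
	// A write error here means the client went away after the headers were
	// committed; there is nothing left to report to it.
	_, _ = w.Write(append(body, '\n'))
}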
53
// JWKSet is the JSON Web Key Set document returned by (*Handler).JWKS.
type JWKSet struct {
	// Keys is emitted as "keys". A nil slice encodes as null, so callers
	// that want an empty array must pass a non-nil empty slice.
	Keys []JWK `json:"keys"`
}

// JWK is one entry of a JWKSet.
//
// The struct has members for the public half of an RSA key only ("n" and
// "e"); there is no field for private key material. No field carries
// omitempty, so all six members are always emitted.
type JWK struct {
	Kty string `json:"kty"` // key type
	Use string `json:"use"` // intended use of the key
	Kid string `json:"kid"` // key identifier
	Alg string `json:"alg"` // algorithm the key is used with
	N   string `json:"n"`   // RSA modulus; RFC 7518 expects base64url — not enforced here
	E   string `json:"e"`   // RSA public exponent; RFC 7518 expects base64url — not enforced here
}
66
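// JWKS writes a JSON Web Key Set as JSON.
//
// The set is a static placeholder with no keys. In production it should be
// generated from the keys that actually sign tokens.
//
// NOTE(review): OIDCDiscovery in this file advertises RS256 ID tokens and a
// jwks_uri of BaseURL + "/.well-known/jwks.json", presumably routed to this
// handler. While the set is empty, a relying party has no public key to
// verify ID token signatures with, so a correct client will reject every
// token. Publish the public half of the signing key, with a kid matching the
// token header, before relying parties depend on this endpoint.
//
// The request itself is not inspected; r is unused.
func (h *Handler) JWKS(w http.ResponseWriter, r *http.Request) {
	// A non-nil empty slice makes the document {"keys":[]} rather than
	// {"keys":null}.
	jwks := JWKSet{
		Keys: []JWK{},
	}

	// Encode before touching the response so that a failure can still be
	// reported with a 500 instead of a truncated 200 body.
	body, err := json.Marshal(jwks)
	if err != nil {
		http.Error(w, "internal server error", http.StatusInternalServerError)
		return
	}

	w.Header().Set("Content-Type", "application/json")
	// The trailing newline keeps the body identical to json.Encoder output.
	// A write error here means the client went away after the headers were
	// committed; there is nothing left to report to it.
	_, _ = w.Write(append(body, '\n'))
}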
77