authelia/internal/handlers/handler_oidc_wellknown.go
James Elliott 46c8a25c15
fix(oidc): implement required subject types supported meta (#1996)
The well-known openid-configuration document should include the subject_types_supported meta values.
2021-05-11 11:00:29 +10:00


package handlers
import (
"encoding/json"
"fmt"
"github.com/valyala/fasthttp"
"github.com/authelia/authelia/internal/middlewares"
)
// oidcWellKnown serves the OpenID Connect discovery document as JSON.
//
// The issuer is taken from the request's forwarded proto/host, and every
// advertised endpoint URL is that issuer with one of the package-level path
// constants appended. The algorithm, scope, claim, subject-type and
// response-type lists are fixed values.
//
// Responses: 400 when the forwarded proto/host cannot be determined, 500 when
// JSON encoding fails (both are logged), otherwise the JSON document with a
// 200 status.
func oidcWellKnown(ctx *middlewares.AutheliaCtx) {
	issuer, err := ctx.ForwardedProtoHost()
	if err != nil {
		ctx.Logger.Errorf("Error occurred in ForwardedProtoHost: %+v", err)
		ctx.Response.SetStatusCode(fasthttp.StatusBadRequest)

		return
	}

	// NOTE(review): the issuer, and with it every endpoint below, is derived
	// from forwarded headers rather than from configuration. Clients compare
	// the issuer advertised here with the iss claim of the tokens they
	// receive, so the reverse proxy has to set those headers itself instead of
	// passing through client-supplied values for the document to be stable —
	// confirm against the deployment documentation.
	endpoint := func(path string) string {
		return fmt.Sprintf("%s%s", issuer, path)
	}

	cfg := WellKnownConfigurationJSON{
		Issuer:             issuer,
		AuthURL:            endpoint(oidcAuthorizePath),
		TokenURL:           endpoint(oidcTokenPath),
		RevocationEndpoint: endpoint(oidcRevokePath),
		JWKSURL:            endpoint(oidcJWKsPath),
		Algorithms:         []string{"RS256"},
		ScopesSupported: []string{
			"openid",
			"profile",
			"groups",
			"email",
			// Determine if this is really mandatory knowing the RP can request for a refresh token through the authorize
			// endpoint anyway.
			"offline_access",
		},
		ClaimsSupported: []string{
			"aud",
			"exp",
			"iat",
			"iss",
			"jti",
			"rat",
			"sub",
			"auth_time",
			"nonce",
			"email",
			"email_verified",
			"groups",
			"name",
		},
		// Only the public subject type is offered; the same sub is returned
		// to every client.
		SubjectTypesSupported: []string{
			"public",
		},
		ResponseTypesSupported: []string{
			"code",
			"token",
			"id_token",
			"code token",
			"code id_token",
			"token id_token",
			"code token id_token",
			"none",
		},
	}

	ctx.SetContentType("application/json")

	// The encoder writes straight into the response body; the status code is
	// only changed when encoding fails.
	if err = json.NewEncoder(ctx).Encode(cfg); err != nil {
		ctx.Logger.Errorf("Error occurred in json Encode: %+v", err)
		// TODO: Determine if this is the appropriate error code here.
		ctx.Response.SetStatusCode(fasthttp.StatusInternalServerError)

		return
	}
}