From 024ef3940f016fe3b4100d4cd1e9f8d99ccb12ba Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Thu, 15 Apr 2021 22:32:00 -0400 Subject: [PATCH] add well-known config for OIDC (#15355) * add well-known config for OIDC * spacing per feedback * Update oidc_wellknown.tmpl * add id_token * Update oidc_wellknown.tmpl Co-authored-by: zeripath Co-authored-by: Lunny Xiao --- .editorconfig | 3 +++ routers/routes/web.go | 1 + routers/user/oauth.go | 10 ++++++++++ templates/user/auth/oidc_wellknown.tmpl | 9 +++++++++ 4 files changed, 23 insertions(+) create mode 100644 templates/user/auth/oidc_wellknown.tmpl diff --git a/.editorconfig b/.editorconfig index b7ff926c34c..0f8603e5a29 100644 --- a/.editorconfig +++ b/.editorconfig @@ -18,6 +18,9 @@ insert_final_newline = false [templates/swagger/v1_json.tmpl] indent_style = space +[templates/user/auth/oidc_wellknown.tmpl] +indent_style = space + [Makefile] indent_style = tab diff --git a/routers/routes/web.go b/routers/routes/web.go index 4815680c99e..a8d64b4c447 100644 --- a/routers/routes/web.go +++ b/routers/routes/web.go @@ -336,6 +336,7 @@ func RegisterRoutes(m *web.Route) { // Routers. // for health check m.Get("/", routers.Home) + m.Get("/.well-known/openid-configuration", user.OIDCWellKnown) m.Group("/explore", func() { m.Get("", func(ctx *context.Context) { ctx.Redirect(setting.AppSubURL + "/explore/repos") diff --git a/routers/user/oauth.go b/routers/user/oauth.go index c8c846c6877..ae06efd0c01 100644 --- a/routers/user/oauth.go +++ b/routers/user/oauth.go @@ -389,6 +389,16 @@ func GrantApplicationOAuth(ctx *context.Context) { ctx.Redirect(redirect.String(), 302) } +// OIDCWellKnown generates JSON so OIDC clients know Gitea's capabilities +func OIDCWellKnown(ctx *context.Context) { + t := ctx.Render.TemplateLookup("user/auth/oidc_wellknown") + ctx.Resp.Header().Set("Content-Type", "application/json") + if err := t.Execute(ctx.Resp, ctx.Data); err != nil { + log.Error("%v", err) + ctx.Error(http.StatusInternalServerError) + } +} + // AccessTokenOAuth manages all access token requests by the client func AccessTokenOAuth(ctx *context.Context) { form := *web.GetForm(ctx).(*forms.AccessTokenForm) diff --git a/templates/user/auth/oidc_wellknown.tmpl b/templates/user/auth/oidc_wellknown.tmpl new file mode 100644 index 00000000000..290ed4a71df --- /dev/null +++ b/templates/user/auth/oidc_wellknown.tmpl @@ -0,0 +1,9 @@ +{ + "issuer": "{{AppUrl | JSEscape | Safe}}", + "authorization_endpoint": "{{AppUrl | JSEscape | Safe}}login/oauth/authorize", + "token_endpoint": "{{AppUrl | JSEscape | Safe}}login/oauth/access_token", + "response_types_supported": [ + "code", + "id_token" + ] +}