authelia/internal/handlers/handler_oidc_wellknown.go

100 lines
2.5 KiB
Go
Raw Normal View History

package handlers
import (
"encoding/json"
"fmt"
"github.com/valyala/fasthttp"
"github.com/authelia/authelia/v4/internal/middlewares"
"github.com/authelia/authelia/v4/internal/oidc"
)
func oidcWellKnown(ctx *middlewares.AutheliaCtx) {
issuer, err := ctx.ExternalRootURL()
if err != nil {
ctx.Logger.Errorf("Error occurred determining OpenID Connect issuer details: %+v", err)
ctx.Response.SetStatusCode(fasthttp.StatusBadRequest)
return
}
wellKnown := oidc.WellKnownConfiguration{
Issuer: issuer,
JWKSURI: fmt.Sprintf("%s%s", issuer, pathOpenIDConnectJWKs),
AuthorizationEndpoint: fmt.Sprintf("%s%s", issuer, pathOpenIDConnectAuthorization),
TokenEndpoint: fmt.Sprintf("%s%s", issuer, pathOpenIDConnectToken),
RevocationEndpoint: fmt.Sprintf("%s%s", issuer, pathOpenIDConnectRevocation),
UserinfoEndpoint: fmt.Sprintf("%s%s", issuer, pathOpenIDConnectUserinfo),
IntrospectionEndpoint: fmt.Sprintf("%s%s", issuer, pathOpenIDConnectIntrospection),
Algorithms: []string{"RS256"},
UserinfoAlgorithms: []string{"none", "RS256"},
SubjectTypesSupported: []string{
"public",
},
ResponseTypesSupported: []string{
"code",
"token",
"id_token",
"code token",
"code id_token",
"token id_token",
"code token id_token",
"none",
},
ResponseModesSupported: []string{
"form_post",
"query",
"fragment",
},
ScopesSupported: []string{
"offline_access",
oidc.ScopeOpenID,
oidc.ScopeProfile,
oidc.ScopeGroups,
oidc.ScopeEmail,
},
ClaimsSupported: []string{
"aud",
"exp",
"iat",
"iss",
"jti",
"rat",
"sub",
"auth_time",
"nonce",
oidc.ClaimEmail,
oidc.ClaimEmailVerified,
oidc.ClaimEmailAlts,
oidc.ClaimGroups,
oidc.ClaimPreferredUsername,
oidc.ClaimDisplayName,
},
CodeChallengeMethodsSupported: []string{"S256"},
RequestURIParameterSupported: false,
BackChannelLogoutSupported: false,
FrontChannelLogoutSupported: false,
BackChannelLogoutSessionSupported: false,
FrontChannelLogoutSessionSupported: false,
}
if ctx.Configuration.IdentityProviders.OIDC.EnablePKCEPlainChallenge {
wellKnown.CodeChallengeMethodsSupported = append(wellKnown.CodeChallengeMethodsSupported, "plain")
}
ctx.SetContentType("application/json")
if err := json.NewEncoder(ctx).Encode(wellKnown); err != nil {
ctx.Logger.Errorf("Error occurred in JSON encode: %+v", err)
// TODO: Determine if this is the appropriate error code here.
ctx.Response.SetStatusCode(fasthttp.StatusInternalServerError)
return
}
}