package oidc
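// NewOpenIDConnectWellKnownConfiguration generates a new OpenIDConnectWellKnownConfiguration.
//
// The static part of the discovery document (subject types, response types, response modes,
// scopes, claims, PKCE challenge methods and signing algorithms) is identical for every
// deployment. Two entries depend on the inputs:
//
//   - SubjectTypePairwise is appended to SubjectTypesSupported when at least one client in
//     clients has a non-empty SectorIdentifier. Nil entries in clients are skipped.
//   - PKCEChallengeMethodPlain is appended to CodeChallengeMethodsSupported when
//     enablePKCEPlainChallenge is true; PKCEChallengeMethodSHA256 is always advertised.
func NewOpenIDConnectWellKnownConfiguration(enablePKCEPlainChallenge bool, clients map[string]*Client) (config OpenIDConnectWellKnownConfiguration) {
	config = OpenIDConnectWellKnownConfiguration{
		CommonDiscoveryOptions: CommonDiscoveryOptions{
			SubjectTypesSupported: []string{
				SubjectTypePublic,
			},
			ResponseTypesSupported: []string{
				"code",
				"token",
				"id_token",
				"code token",
				"code id_token",
				"token id_token",
				"code token id_token",
				"none",
			},
			ResponseModesSupported: []string{
				ResponseModeFormPost,
				ResponseModeQuery,
				ResponseModeFragment,
			},
			ScopesSupported: []string{
				ScopeOfflineAccess,
				ScopeOpenID,
				ScopeProfile,
				ScopeGroups,
				ScopeEmail,
			},
			ClaimsSupported: []string{
				ClaimAuthenticationMethodsReference,
				ClaimAudience,
				ClaimAuthorizedParty,
				ClaimClientIdentifier,
				ClaimExpirationTime,
				ClaimIssuedAt,
				ClaimIssuer,
				ClaimJWTID,
				ClaimRequestedAt,
				ClaimSubject,
				ClaimAuthenticationTime,
				ClaimNonce,
				ClaimPreferredEmail,
				ClaimEmailVerified,
				ClaimEmailAlts,
				ClaimGroups,
				ClaimPreferredUsername,
				ClaimFullName,
			},
		},
		OAuth2DiscoveryOptions: OAuth2DiscoveryOptions{
			CodeChallengeMethodsSupported: []string{
				PKCEChallengeMethodSHA256,
			},
		},
		OpenIDConnectDiscoveryOptions: OpenIDConnectDiscoveryOptions{
			IDTokenSigningAlgValuesSupported: []string{
				SigningAlgorithmRSAWithSHA256,
			},
			UserinfoSigningAlgValuesSupported: []string{
				SigningAlgorithmNone,
				SigningAlgorithmRSAWithSHA256,
			},
			// NOTE(review): advertising SigningAlgorithmNone here tells clients that unsigned
			// request objects are accepted by discovery; confirm the authorization endpoint
			// enforces the per-client request object signing policy rather than relying on
			// this list alone.
			RequestObjectSigningAlgValuesSupported: []string{
				SigningAlgorithmNone,
				SigningAlgorithmRSAWithSHA256,
			},
		},
	}

	// SubjectTypePublic is always advertised, so the only fact the client scan has to establish
	// is whether any client requires pairwise subjects. The scan stops at the first such client;
	// the original loop's `pairwise && public` exit condition could never fire because nothing
	// set public, so every call walked the whole map.
	pairwise := false

	for _, client := range clients {
		if client != nil && client.SectorIdentifier != "" {
			pairwise = true

			break
		}
	}

	if pairwise {
		config.SubjectTypesSupported = append(config.SubjectTypesSupported, SubjectTypePairwise)
	}

	// The plain PKCE method is only advertised when explicitly enabled; S256 is the default and
	// is always present in the list above.
	if enablePKCEPlainChallenge {
		config.CodeChallengeMethodsSupported = append(config.CodeChallengeMethodsSupported, PKCEChallengeMethodPlain)
	}

	return config
}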