add well-known config for OIDC (#15355)

* add well-known config for OIDC

* spacing per feedback

* Update oidc_wellknown.tmpl

* add id_token

* Update oidc_wellknown.tmpl

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
tokarchuk/v1.17
techknowlogick 4 years ago committed by GitHub
parent 6a7090b41d
commit 024ef3940f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 3
      .editorconfig
  2. 1
      routers/routes/web.go
  3. 10
      routers/user/oauth.go
  4. 9
      templates/user/auth/oidc_wellknown.tmpl

@ -18,6 +18,9 @@ insert_final_newline = false
[templates/swagger/v1_json.tmpl] [templates/swagger/v1_json.tmpl]
indent_style = space indent_style = space
[templates/user/auth/oidc_wellknown.tmpl]
indent_style = space
[Makefile] [Makefile]
indent_style = tab indent_style = tab

@ -336,6 +336,7 @@ func RegisterRoutes(m *web.Route) {
// Routers. // Routers.
// for health check // for health check
m.Get("/", routers.Home) m.Get("/", routers.Home)
m.Get("/.well-known/openid-configuration", user.OIDCWellKnown)
m.Group("/explore", func() { m.Group("/explore", func() {
m.Get("", func(ctx *context.Context) { m.Get("", func(ctx *context.Context) {
ctx.Redirect(setting.AppSubURL + "/explore/repos") ctx.Redirect(setting.AppSubURL + "/explore/repos")

@ -389,6 +389,16 @@ func GrantApplicationOAuth(ctx *context.Context) {
ctx.Redirect(redirect.String(), 302) ctx.Redirect(redirect.String(), 302)
} }
// OIDCWellKnown generates JSON so OIDC clients know Gitea's capabilities
func OIDCWellKnown(ctx *context.Context) {
t := ctx.Render.TemplateLookup("user/auth/oidc_wellknown")
ctx.Resp.Header().Set("Content-Type", "application/json")
if err := t.Execute(ctx.Resp, ctx.Data); err != nil {
log.Error("%v", err)
ctx.Error(http.StatusInternalServerError)
}
}
// AccessTokenOAuth manages all access token requests by the client // AccessTokenOAuth manages all access token requests by the client
func AccessTokenOAuth(ctx *context.Context) { func AccessTokenOAuth(ctx *context.Context) {
form := *web.GetForm(ctx).(*forms.AccessTokenForm) form := *web.GetForm(ctx).(*forms.AccessTokenForm)

@ -0,0 +1,9 @@
{
"issuer": "{{AppUrl | JSEscape | Safe}}",
"authorization_endpoint": "{{AppUrl | JSEscape | Safe}}login/oauth/authorize",
"token_endpoint": "{{AppUrl | JSEscape | Safe}}login/oauth/access_token",
"response_types_supported": [
"code",
"id_token"
]
}
Loading…
Cancel
Save