diff mod_http_oauth2/mod_http_oauth2.lua @ 5189:4ee8eb1134a8

mod_http_oauth2: Add OIDC discovery endpoint (thanks Zash)
author Matthew Wild <mwild1@gmail.com>
date Fri, 03 Mar 2023 11:24:05 +0000
parents 7c531137a553
children 1733f184e2bb
line wrap: on
line diff
--- a/mod_http_oauth2/mod_http_oauth2.lua	Thu Mar 02 23:59:09 2023 +0100
+++ b/mod_http_oauth2/mod_http_oauth2.lua	Fri Mar 03 11:24:05 2023 +0000
@@ -369,3 +369,26 @@
 	event.response.status_code = event.error.code or 400;
 	return json.encode(oauth2_response);
 end, 5);
+
+-- OIDC Discovery
+
+module:provides("http", {
+	name = "oauth2-discovery";
+	default_path = "/.well-known/oauth-authorization-server";
+	route = {
+		["GET"] = {
+			headers = { content_type = "application/json" };
+			body = json.encode {
+				issuer = module:http_url(nil, "/");
+				authorization_endpoint = module:http_url() .. "/authorize";
+				token_endpoint = module:http_url() .. "/token";
+				jwks_uri = nil; -- TODO?
+				registration_endpoint = nil; -- TODO
+				scopes_supported = { "prosody:restricted"; "prosody:user"; "prosody:admin"; "prosody:operator" };
+				response_types_supported = { "code"; "token" };
+			};
+		};
+	};
+});
+
+module:shared("tokenauth/oauthbearer_config").oidc_discovery_url = module:http_url("oauth2-discovery", "/.well-known/oauth-authorization-server");