# HG changeset patch
# User Matthew Wild
# Date 1677842645 0
# Node ID 4ee8eb1134a84f2e5a00cd9ce6a26fa329840106
# Parent 7c531137a5532b4960cd70fdbfcaad4ae40d3a74
mod_http_oauth2: Add OIDC discovery endpoint (thanks Zash)
diff -r 7c531137a553 -r 4ee8eb1134a8 mod_http_oauth2/mod_http_oauth2.lua
--- a/mod_http_oauth2/mod_http_oauth2.lua Thu Mar 02 23:59:09 2023 +0100
+++ b/mod_http_oauth2/mod_http_oauth2.lua Fri Mar 03 11:24:05 2023 +0000
@@ -369,3 +369,26 @@
 event.response.status_code = event.error.code or 400;
 return json.encode(oauth2_response);
 end, 5);
+
+-- OIDC Discovery
+
+module:provides("http", {
+ name = "oauth2-discovery";
+ default_path = "/.well-known/oauth-authorization-server";
+ route = {
+ ["GET"] = {
+ headers = { content_type = "application/json" };
+ body = json.encode {
+ issuer = module:http_url(nil, "/");
+ authorization_endpoint = module:http_url() .. "/authorize";
+ token_endpoint = module:http_url() .. "/token";
+ jwks_uri = nil; -- TODO?
+ registration_endpoint = nil; -- TODO
+ scopes_supported = { "prosody:restricted"; "prosody:user"; "prosody:admin"; "prosody:operator" };
+ response_types_supported = { "code"; "token" };
+ };
+ };
+ };
+});
+
+module:shared("tokenauth/oauthbearer_config").oidc_discovery_url = module:http_url("oauth2-discovery", "/.well-known/oauth-authorization-server");
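Review bot: The `issuer` value is built with `module:http_url(nil, "/")`, while the document is served by a separate HTTP app at `/.well-known/oauth-authorization-server`, and nothing in the hunk ties the two together. RFC 8414 §3.3 requires a client to discard the metadata unless `issuer` is identical to the identifier the well-known URL was derived from. If an operator remaps either app's path, or if the helper returns a trailing slash the client did not use, strict clients will probably reject the document and lenient ones will skip a check meant to stop authorization-server impersonation. What `http_url` returns is not visible here, so please confirm it. I would compute the value once, e.g. `local issuer_url = module:http_url(nil, "/");`, and add a comment such as `-- RFC 8414 §3.3: must equal the issuer this well-known URL is derived from`. The `"token"` entry in `response_types_supported` also advertises the implicit grant, so it deserves a comment saying whether that is intended, since the handlers are outside this hunk.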