Merge branch 'main' into perf-introspecion

2025-12-11 12:42:16 +00:00 · 2023-11-13 18:16:32 +02:00
parent 8eea5eccd1 081a0b4cb7
commit c4cf569164
186 changed files with 11778 additions and 1466 deletions
--- a/internal/api/oidc/server.go
+++ b/internal/api/oidc/server.go
@@ -23,8 +23,9 @@ type Server struct {
 	query   *query.Queries
 	command *command.Commands

-	fallbackLogger *slog.Logger
-	hashAlg        crypto.HashAlgorithm
+	fallbackLogger      *slog.Logger
+	hashAlg             crypto.HashAlgorithm
+	signingKeyAlgorithm string
 }

 func endpoints(endpointConfig *EndpointConfig) op.Endpoints {
@@ -99,7 +100,7 @@ func (s *Server) Discovery(ctx context.Context, r *op.Request[struct{}]) (_ *op.
 	ctx, span := tracing.NewSpan(ctx)
 	defer func() { span.EndWithError(err) }()

-	return s.LegacyServer.Discovery(ctx, r)
+	return op.NewResponse(s.createDiscoveryConfig(ctx)), nil
 }

 func (s *Server) Keys(ctx context.Context, r *op.Request[struct{}]) (_ *op.Response, err error) {
@@ -199,3 +200,34 @@ func (s *Server) EndSession(ctx context.Context, r *op.Request[oidc.EndSessionRe

 	return s.LegacyServer.EndSession(ctx, r)
 }
+
+func (s *Server) createDiscoveryConfig(ctx context.Context) *oidc.DiscoveryConfiguration {
+	issuer := op.IssuerFromContext(ctx)
+	return &oidc.DiscoveryConfiguration{
+		Issuer:                                     issuer,
+		AuthorizationEndpoint:                      s.Endpoints().Authorization.Absolute(issuer),
+		TokenEndpoint:                              s.Endpoints().Token.Absolute(issuer),
+		IntrospectionEndpoint:                      s.Endpoints().Introspection.Absolute(issuer),
+		UserinfoEndpoint:                           s.Endpoints().Userinfo.Absolute(issuer),
+		RevocationEndpoint:                         s.Endpoints().Revocation.Absolute(issuer),
+		EndSessionEndpoint:                         s.Endpoints().EndSession.Absolute(issuer),
+		JwksURI:                                    s.Endpoints().JwksURI.Absolute(issuer),
+		DeviceAuthorizationEndpoint:                s.Endpoints().DeviceAuthorization.Absolute(issuer),
+		ScopesSupported:                            op.Scopes(s.Provider()),
+		ResponseTypesSupported:                     op.ResponseTypes(s.Provider()),
+		GrantTypesSupported:                        op.GrantTypes(s.Provider()),
+		SubjectTypesSupported:                      op.SubjectTypes(s.Provider()),
+		IDTokenSigningAlgValuesSupported:           []string{s.signingKeyAlgorithm},
+		RequestObjectSigningAlgValuesSupported:     op.RequestObjectSigAlgorithms(s.Provider()),
+		TokenEndpointAuthMethodsSupported:          op.AuthMethodsTokenEndpoint(s.Provider()),
+		TokenEndpointAuthSigningAlgValuesSupported: op.TokenSigAlgorithms(s.Provider()),
+		IntrospectionEndpointAuthSigningAlgValuesSupported: op.IntrospectionSigAlgorithms(s.Provider()),
+		IntrospectionEndpointAuthMethodsSupported:          op.AuthMethodsIntrospectionEndpoint(s.Provider()),
+		RevocationEndpointAuthSigningAlgValuesSupported:    op.RevocationSigAlgorithms(s.Provider()),
+		RevocationEndpointAuthMethodsSupported:             op.AuthMethodsRevocationEndpoint(s.Provider()),
+		ClaimsSupported:                                    op.SupportedClaims(s.Provider()),
+		CodeChallengeMethodsSupported:                      op.CodeChallengeMethods(s.Provider()),
+		UILocalesSupported:                                 s.Provider().SupportedUILocales(),
+		RequestParameterSupported:                          s.Provider().RequestObjectSupported(),
+	}
+}