argoyle
9992fb4ef1
Refactor the application to a Go-based architecture for improved performance and maintainability. Replace the Dockerfile to utilize a multi-stage build process, enhancing image efficiency. Implement comprehensive session store tests to ensure reliability and create new OAuth handlers for managing authentication efficiently. Update documentation to reflect these structural changes.
78 lines
3.2 KiB
Go
78 lines
3.2 KiB
Go
package handlers
|
|
|
|
import (
|
|
"encoding/json"
|
|
"net/http"
|
|
|
|
"gitlab.com/unboundsoftware/auth0mock/auth"
|
|
)
|
|
|
|
// DiscoveryHandler handles OIDC discovery endpoints
|
|
type DiscoveryHandler struct {
|
|
jwtService *auth.JWTService
|
|
}
|
|
|
|
// NewDiscoveryHandler creates a new discovery handler
|
|
func NewDiscoveryHandler(jwtService *auth.JWTService) *DiscoveryHandler {
|
|
return &DiscoveryHandler{
|
|
jwtService: jwtService,
|
|
}
|
|
}
|
|
|
|
// OpenIDConfiguration returns the OIDC discovery document
|
|
func (h *DiscoveryHandler) OpenIDConfiguration(w http.ResponseWriter, r *http.Request) {
|
|
issuer := h.jwtService.Issuer()
|
|
|
|
config := map[string]interface{}{
|
|
"issuer": issuer,
|
|
"authorization_endpoint": issuer + "authorize",
|
|
"token_endpoint": issuer + "oauth/token",
|
|
"token_endpoint_auth_methods_supported": []string{"client_secret_basic", "private_key_jwt"},
|
|
"token_endpoint_auth_signing_alg_values_supported": []string{"RS256"},
|
|
"userinfo_endpoint": issuer + "userinfo",
|
|
"check_session_iframe": issuer + "check_session",
|
|
"end_session_endpoint": issuer + "end_session",
|
|
"jwks_uri": issuer + ".well-known/jwks.json",
|
|
"registration_endpoint": issuer + "register",
|
|
"scopes_supported": []string{"openid", "profile", "email", "address", "phone", "offline_access"},
|
|
"response_types_supported": []string{"code", "code id_token", "id_token", "id_token token"},
|
|
"acr_values_supported": []string{},
|
|
"subject_types_supported": []string{"public", "pairwise"},
|
|
"userinfo_signing_alg_values_supported": []string{"RS256", "ES256", "HS256"},
|
|
"userinfo_encryption_alg_values_supported": []string{"RSA-OAEP-256", "A128KW"},
|
|
"userinfo_encryption_enc_values_supported": []string{"A128CBC-HS256", "A128GCM"},
|
|
"id_token_signing_alg_values_supported": []string{"RS256", "ES256", "HS256"},
|
|
"id_token_encryption_alg_values_supported": []string{"RSA-OAEP-256", "A128KW"},
|
|
"id_token_encryption_enc_values_supported": []string{"A128CBC-HS256", "A128GCM"},
|
|
"request_object_signing_alg_values_supported": []string{"none", "RS256", "ES256"},
|
|
"display_values_supported": []string{"page", "popup"},
|
|
"claim_types_supported": []string{"normal", "distributed"},
|
|
"claims_supported": []string{
|
|
"sub", "iss", "auth_time", "acr",
|
|
"name", "given_name", "family_name", "nickname",
|
|
"profile", "picture", "website",
|
|
"email", "email_verified", "locale", "zoneinfo",
|
|
h.jwtService.EmailClaim(), h.jwtService.AdminClaim(),
|
|
},
|
|
"claims_parameter_supported": true,
|
|
"service_documentation": "http://auth0/",
|
|
"ui_locales_supported": []string{"en-US"},
|
|
"code_challenge_methods_supported": []string{"plain", "S256"},
|
|
}
|
|
|
|
w.Header().Set("Content-Type", "application/json")
|
|
json.NewEncoder(w).Encode(config)
|
|
}
|
|
|
|
// JWKS returns the JSON Web Key Set
|
|
func (h *DiscoveryHandler) JWKS(w http.ResponseWriter, r *http.Request) {
|
|
jwks, err := h.jwtService.GetJWKS()
|
|
if err != nil {
|
|
http.Error(w, "Failed to get JWKS", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
|
|
w.Header().Set("Content-Type", "application/json")
|
|
w.Write(jwks)
|
|
}
|