Add OpenID discovery endpoint

2023-08-10 10:56:49 +01:00 · 2023-08-10 10:56:49 +01:00 · 8f0f76c0da
commit 8f0f76c0da
parent e051da8bc9
1 changed files with 39 additions and 0 deletions
--- a/idp/index.js
+++ b/idp/index.js
@ -360,6 +360,45 @@ app.post('/:code/saml/login', async (req, res) => {
    OAUTH2 HANDLERS
 */

+// Handle OpenID Connect configuration endpoint
+app.get('/:code/.well-known/openid-configuration', async (req, res) => {
+  const thisIdp = await getIdp(req.params.code);
+  if (!thisIdp) return errorJson(res, 'Unable to find an OAuth2 OpenID Connect IdP at this URL. Is your issuer code correct?', 404);
+  const baseUrl = `https://idp.sso.tools/${thisIdp.code}`
+  const returnData = {
+    issuer: baseUrl,
+    authorization_endpoint: `${baseUrl}/oauth2/authorize`,
+    token_endpoint: `${baseUrl}/oauth2/token`,
+    userinfo_endpoint: `${baseUrl}/api/users/me`,
+    scopes_supported: [
+      "openid",
+      "profile",
+      "email",
+    ],
+    response_types_supported: [
+      "code",
+      "code id_token",
+    ],
+    grant_types_supported: [
+      "authorization_code",
+    ],
+    subject_types_supported: [
+      "public"
+    ],
+    id_token_signing_alg_values_supported: [
+      "HS256",
+    ],
+    token_endpoint_auth_methods_supported: [
+      "client_secret_post",
+    ],
+    claims_parameter_supported: false,
+    claims_supported: ['sub', 'email', 'given_name', 'family_name'],
+    request_parameter_supported: false,
+    request_uri_parameter_supported: false
+  };
+  res.json(returnData);
+});
+
 // Handle requests to SP-initiated login for OAuth2
 app.get('/:code/oauth2/authorize', async (req, res) => {
  const clientId = req.query.client_id;