From 8f0f76c0da09e4f9d9b8f170666d7b82e04e9ff6 Mon Sep 17 00:00:00 2001
From: Will Webberley <me@wilw.dev>
Date: Thu, 10 Aug 2023 10:56:49 +0100
Subject: [PATCH] Add OpenID discovery endpoint

---
 idp/index.js | 39 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 39 insertions(+)

diff --git a/idp/index.js b/idp/index.js
index ca9bea7..9b2faec 100644
--- a/idp/index.js
+++ b/idp/index.js
@@ -360,6 +360,45 @@ app.post('/:code/saml/login', async (req, res) => {
     OAUTH2 HANDLERS
 */
 
+// Handle OpenID Connect configuration endpoint
+app.get('/:code/.well-known/openid-configuration', async (req, res) => {
+  const thisIdp = await getIdp(req.params.code);
+  if (!thisIdp) return errorJson(res, 'Unable to find an OAuth2 OpenID Connect IdP at this URL. Is your issuer code correct?', 404);
+  const baseUrl = `https://idp.sso.tools/${thisIdp.code}`
+  const returnData = {
+    issuer: baseUrl,
+    authorization_endpoint: `${baseUrl}/oauth2/authorize`,
+    token_endpoint: `${baseUrl}/oauth2/token`,
+    userinfo_endpoint: `${baseUrl}/api/users/me`,
+    scopes_supported: [
+      "openid",
+      "profile",
+      "email",
+    ],
+    response_types_supported: [
+      "code",
+      "code id_token",
+    ],
+    grant_types_supported: [
+      "authorization_code",
+    ],
+    subject_types_supported: [
+      "public"
+    ],
+    id_token_signing_alg_values_supported: [
+      "HS256",
+    ],
+    token_endpoint_auth_methods_supported: [
+      "client_secret_post",
+    ],
+    claims_parameter_supported: false,
+    claims_supported: ['sub', 'email', 'given_name', 'family_name'],
+    request_parameter_supported: false,
+    request_uri_parameter_supported: false
+  };
+  res.json(returnData);
+});
+
 // Handle requests to SP-initiated login for OAuth2
 app.get('/:code/oauth2/authorize', async (req, res) => {
   const clientId = req.query.client_id;
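Review bot: The discovery document is internally inconsistent in a way that will trip strict OIDC clients: it advertises the hybrid response type `"code id_token"` while `grant_types_supported` lists only `authorization_code` (the hybrid flow also needs `implicit`), and it omits `jwks_uri`, which OpenID Connect Discovery 1.0 marks REQUIRED even though the only advertised signing algorithm is the symmetric `HS256`. If the ID tokens really are HMAC-signed with the client secret, I would either drop `"code id_token"` from `response_types_supported` or add `"implicit"` to `grant_types_supported`, and add a comment above `id_token_signing_alg_values_supported` such as `// ID tokens are HS256-signed with the client secret, so there is no jwks_uri; clients must verify with their own secret` (or add a `jwks_uri` entry if the IdP does expose a key set — I cannot see one from this hunk). Note also that `issuer` is built from the hard-coded `https://idp.sso.tools` rather than the request host, which is the safer choice against Host-header spoofing, but it means the value must match the `iss` claim written into issued ID tokens exactly, and any deployment on another hostname will fail issuer validation — worth a comment on the `baseUrl` line (which is also missing its trailing semicolon, unlike the rest of the file).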