server: implement OAuth discovery (RFC 8414)

This commit is contained in:
Johann150 2022-11-06 18:45:50 +01:00 committed by Gitea
parent 5291f29581
commit bdcec2b8a7
2 changed files with 32 additions and 4 deletions


@ -0,0 +1,16 @@
import { kinds } from '@/misc/api-permissions.js';
import config from '@/config/index.js';
// Since it cannot change while the server is running, we can serialize it once
// instead of having to serialize it every time it is requested.
export const oauthMeta = JSON.stringify({
issuer: config.url,
authorization_endpoint: `${config.url}/auth`,
token_endpoint: `${config.apiUrl}/auth/session/oauth`,
scopes_supported: kinds,
response_types_supported: ['code'],
grant_types_supported: ['authorization_code'],
token_endpoint_auth_methods_supported: ['client_secret_basic'],
service_documentation: `${config.url}/api-doc`,
code_challenge_methods_supported: ['S256'],
});
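Review bot: `issuer: config.url` is published as the RFC 8414 issuer identifier, and conforming clients compare it against the issuer they derived the well-known URL from and reject the document on mismatch; the RFC also requires that value to be an https URL without query or fragment and, when it carries a path, places the metadata at `/.well-known/oauth-authorization-server` followed by that path rather than at the server root. Whether `config.url` can include a path is not visible in this commit, so this may already hold, but the constraint should be recorded on the export with a TSDoc comment stating that this is the RFC 8414 authorization-server metadata, serialized once because it depends only on static config, and that it must be served at the well-known path derived from `issuer`. Advertising `code_challenge_methods_supported: ['S256']` is likewise a promise the `/auth` and token endpoints have to keep (a token request for a code issued with a `code_challenge` must be refused when the `code_verifier` is absent or does not match); those endpoints are outside this commit, so this is only a flag for follow-up.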


@ -7,6 +7,7 @@ import { escapeAttribute, escapeValue } from '@/prelude/xml.js';
import { Users } from '@/models/index.js'; import { Users } from '@/models/index.js';
import { User } from '@/models/entities/user.js'; import { User } from '@/models/entities/user.js';
import { links } from './nodeinfo.js'; import { links } from './nodeinfo.js';
import { oauthMeta } from './oauth.js';
// Init router // Init router
const router = new Router(); const router = new Router();
@ -62,10 +63,21 @@ router.get('/.well-known/nodeinfo', async ctx => {
ctx.body = { links }; ctx.body = { links };
}); });
/* TODO function oauth(ctx) {
router.get('/.well-known/change-password', async ctx => { ctx.body = oauthMeta;
}); ctx.type = 'application/json';
*/ ctx.set('Cache-Control', 'max-age=31536000, immutable');
}
// implements RFC 8414
router.get('/.well-known/oauth-authorization-server', oauth);
// From the above RFC:
//> The identifiers "/.well-known/openid-configuration" [...] contain strings
//> referring to the OpenID Connect family of specifications [...]. Despite the reuse
//> of these identifiers that appear to be OpenID specific, their usage in this
//> specification is actually referring to general OAuth 2.0 features that are not
//> specific to OpenID Connect.
router.get('/.well-known/openid-configuration', oauth);
router.get(webFingerPath, async ctx => { router.get(webFingerPath, async ctx => {
const fromId = (id: User['id']): FindOptionsWhere<User> => ({ const fromId = (id: User['id']): FindOptionsWhere<User> => ({