Auth route /whoami for nginx subrequest auth, support changing the session cookie domain for that purpose

lib/sso_bsn_web/controllers/openid/authorize_controller.ex

@@ -7,8 +7,7 @@ defmodule SsoBsnWeb.Openid.AuthorizeController do
   alias Boruta.Oauth.Error
   alias Boruta.Oauth.ResourceOwner
   alias SsoBsnWeb.UserAuth
-  alias SsoBsnWeb.Openid.AuthorizeView
-
+  
   def oauth_module, do: Application.get_env(:sso_bsn, :oauth_module, Boruta.Oauth)
 
   def authorize(%Plug.Conn{} = conn, _params) do

lib/sso_bsn_web/controllers/user_session_controller.ex

@@ -23,4 +23,13 @@ defmodule SsoBsnWeb.UserSessionController do
     |> put_flash(:info, "Logged out successfully.")
     |> UserAuth.log_out_user()
   end
+
+  def check_auth(conn, _params) do
+    user = conn.assigns[:current_user]
+    conn
+    |> put_resp_header("X-Auth-Username", user.username)
+    |> json(%{
+      username: user.username
+    })
+  end
 end

lib/sso_bsn_web/endpoint.ex

@@ -8,7 +8,8 @@ defmodule SsoBsnWeb.Endpoint do
     store: :cookie,
     key: "_sso_bsn_key",
     signing_salt: "2YoB6zeO",
-    same_site: "Lax"
+    same_site: "Lax",
+    domain: Application.compile_env(:sso_bsn, :session_domain)
   ]
 
   socket "/live", Phoenix.LiveView.Socket, websocket: [connect_info: [session: @session_options]]

lib/sso_bsn_web/resource_owners.ex

@@ -4,7 +4,6 @@ defmodule SsoBsnWeb.ResourceOwners do
 	alias Boruta.Oauth.ResourceOwner
 	alias SsoBsn.Accounts.User
 	alias SsoBsn.Accounts
-	alias SsoBsn.Repo
 
 	@impl Boruta.Oauth.ResourceOwners
 	def get_by(username: username) do

lib/sso_bsn_web/router.ex

@@ -74,6 +74,12 @@ defmodule SsoBsnWeb.Router do
     delete "/users/log_out", UserSessionController, :delete
   end
 
+  scope "/", SsoBsnWeb do
+    pipe_through [:api, :fetch_session, :fetch_current_user, :require_authenticated_user]
+
+    get "/whoami", UserSessionController, :check_auth
+  end
+
 
   # OIDC
   scope "/oauth", SsoBsnWeb.Oauth do