Further openid work

2023-11-11 23:57:09 +00:00
parent 4107d37106
commit aaff151be7
8 changed files with 39 additions and 14 deletions
--- a/lib/sso_bsn/interactive.ex
+++ b/lib/sso_bsn/interactive.ex
@@ -36,7 +36,8 @@ defmodule SsoBsn.Interactive do
          "client_secret_post",
          "client_secret_jwt",
          "private_key_jwt"
-        ]
+        ],
+        id_token_signature_alg: "RS256"
      }
      |> Map.merge(opts |> Enum.into(%{}))
    )
--- a/lib/sso_bsn_web/controllers/openid/configuration.ex
+++ b/lib/sso_bsn_web/controllers/openid/configuration.ex
@@ -1,11 +1,14 @@
 defmodule SsoBsnWeb.Openid.ConfigurationController do
-	use SsoBsnWeb, :controller
+  use SsoBsnWeb, :controller

-	def config(conn, _params) do
-		conn |> json(%{
-			issuer: url(~p"/"),
-			authorization_endpoint: url(~p"/openid/authorize"),
-			token_endpoint: url(~p"/oauth/token")
-		})
-	end
+  def config(conn, _params) do
+    conn
+    |> json(%{
+      issuer: url(~p"/"),
+      authorization_endpoint: url(~p"/openid/authorize"),
+      token_endpoint: url(~p"/oauth/token"),
+      jwks_uri: url(~p"/openid/jwks"),
+      userinfo_endpoint: url(~p"/openid/userinfo")
+    })
+  end
 end
--- a/lib/sso_bsn_web/controllers/webfinger.ex
+++ b/lib/sso_bsn_web/controllers/webfinger.ex
@@ -0,0 +1,14 @@
+defmodule SsoBsnWeb.Webfinger do
+  use SsoBsnWeb, :controller
+
+  plug :put_resp_content_type, "application/jrd+json" 
+
+  def webfinger(conn, %{ "resource" => <<"acct:", _::bitstring>> = resource_uri }) do
+    conn |> json(%{
+      subject: resource_uri,
+      links: [
+        %{ rel: "http://openid.net/specs/connect/1.0/issuer", href: url(~p"/") }
+      ]
+    })
+  end
+end
--- a/lib/sso_bsn_web/resource_owners.ex
+++ b/lib/sso_bsn_web/resource_owners.ex
@@ -34,5 +34,8 @@ defmodule SsoBsnWeb.ResourceOwners do


 	@impl Boruta.Oauth.ResourceOwners
-	def claims(_resource_owner, _scope), do: %{}
+	def claims(resource_owner, _scope), do: %{
+		username: resource_owner.username,
+		email: "#{resource_owner.username}@#{Application.get_env(:sso_bsn, :session_domain)}"
+	}
 end
--- a/lib/sso_bsn_web/router.ex
+++ b/lib/sso_bsn_web/router.ex
@@ -15,6 +15,7 @@ defmodule SsoBsnWeb.Router do

  pipeline :api do
    plug :accepts, ["json"]
+    plug Corsica, origins: "*"
  end

  scope "/", SsoBsnWeb do
@@ -111,8 +112,9 @@ defmodule SsoBsnWeb.Router do
    get "/authorize", AuthorizeController, :authorize
  end
  
-  scope "/.well-known", SsoBsnWeb.Openid do
+  scope "/.well-known", SsoBsnWeb do
    pipe_through :api
-    get "/openid-configuration", ConfigurationController, :config
+    get "/openid-configuration", Openid.ConfigurationController, :config
+    get "/webfinger", Webfinger, :webfinger
  end
 end