feat(op): Server interface (#447)

* first draft of a new server interface * allow any response type * complete interface docs * refelct the format from the proposal * intermediate commit with some methods implemented * implement remaining token grant type methods * implement remaining server methods * error handling * rewrite auth request validation * define handlers, routes * input validation and concrete handlers * check if client credential client is authenticated * copy and modify the routes test for the legacy server * run integration tests against both Server and Provider * remove unuse ValidateAuthRequestV2 function * unit tests for error handling * cleanup tokenHandler * move server routest test * unit test authorize * handle client credentials in VerifyClient * change code exchange route test * finish http unit tests * review server interface docs and spelling * add withClient unit test * server options * cleanup unused GrantType method * resolve typo comments * make endpoints pointers to enable/disable them * jwt profile base work * jwt: correct the test expect --------- Co-authored-by: Livio Spring <livio.a@gmail.com>
2023-09-28 17:30:08 +03:00 · 2023-09-28 17:30:08 +03:00 · 0f8a0585bf
commit 0f8a0585bf
parent daf82a5e04
28 changed files with 3654 additions and 126 deletions
--- a/pkg/op/discovery.go
+++ b/pkg/op/discovery.go
@ -25,7 +25,7 @@ var DefaultSupportedScopes = []string{

 func discoveryHandler(c Configuration, s DiscoverStorage) func(http.ResponseWriter, *http.Request) {
 	return func(w http.ResponseWriter, r *http.Request) {
-		Discover(w, CreateDiscoveryConfig(r, c, s))
+		Discover(w, CreateDiscoveryConfig(r.Context(), c, s))
 	}
 }

@ -33,8 +33,8 @@ func Discover(w http.ResponseWriter, config *oidc.DiscoveryConfiguration) {
 	httphelper.MarshalJSON(w, config)
 }

-func CreateDiscoveryConfig(r *http.Request, config Configuration, storage DiscoverStorage) *oidc.DiscoveryConfiguration {
-	issuer := config.IssuerFromRequest(r)
+func CreateDiscoveryConfig(ctx context.Context, config Configuration, storage DiscoverStorage) *oidc.DiscoveryConfiguration {
+	issuer := IssuerFromContext(ctx)
 	return &oidc.DiscoveryConfiguration{
 		Issuer:                                     issuer,
 		AuthorizationEndpoint:                      config.AuthorizationEndpoint().Absolute(issuer),
@ -49,7 +49,38 @@ func CreateDiscoveryConfig(r *http.Request, config Configuration, storage Discov
 		ResponseTypesSupported:                     ResponseTypes(config),
 		GrantTypesSupported:                        GrantTypes(config),
 		SubjectTypesSupported:                      SubjectTypes(config),
-		IDTokenSigningAlgValuesSupported:           SigAlgorithms(r.Context(), storage),
+		IDTokenSigningAlgValuesSupported:           SigAlgorithms(ctx, storage),
+		RequestObjectSigningAlgValuesSupported:     RequestObjectSigAlgorithms(config),
+		TokenEndpointAuthMethodsSupported:          AuthMethodsTokenEndpoint(config),
+		TokenEndpointAuthSigningAlgValuesSupported: TokenSigAlgorithms(config),
+		IntrospectionEndpointAuthSigningAlgValuesSupported: IntrospectionSigAlgorithms(config),
+		IntrospectionEndpointAuthMethodsSupported:          AuthMethodsIntrospectionEndpoint(config),
+		RevocationEndpointAuthSigningAlgValuesSupported:    RevocationSigAlgorithms(config),
+		RevocationEndpointAuthMethodsSupported:             AuthMethodsRevocationEndpoint(config),
+		ClaimsSupported:                                    SupportedClaims(config),
+		CodeChallengeMethodsSupported:                      CodeChallengeMethods(config),
+		UILocalesSupported:                                 config.SupportedUILocales(),
+		RequestParameterSupported:                          config.RequestObjectSupported(),
+	}
+}
+
+func createDiscoveryConfigV2(ctx context.Context, config Configuration, storage DiscoverStorage, endpoints *Endpoints) *oidc.DiscoveryConfiguration {
+	issuer := IssuerFromContext(ctx)
+	return &oidc.DiscoveryConfiguration{
+		Issuer:                                     issuer,
+		AuthorizationEndpoint:                      endpoints.Authorization.Absolute(issuer),
+		TokenEndpoint:                              endpoints.Token.Absolute(issuer),
+		IntrospectionEndpoint:                      endpoints.Introspection.Absolute(issuer),
+		UserinfoEndpoint:                           endpoints.Userinfo.Absolute(issuer),
+		RevocationEndpoint:                         endpoints.Revocation.Absolute(issuer),
+		EndSessionEndpoint:                         endpoints.EndSession.Absolute(issuer),
+		JwksURI:                                    endpoints.JwksURI.Absolute(issuer),
+		DeviceAuthorizationEndpoint:                endpoints.DeviceAuthorization.Absolute(issuer),
+		ScopesSupported:                            Scopes(config),
+		ResponseTypesSupported:                     ResponseTypes(config),
+		GrantTypesSupported:                        GrantTypes(config),
+		SubjectTypesSupported:                      SubjectTypes(config),
+		IDTokenSigningAlgValuesSupported:           SigAlgorithms(ctx, storage),
 		RequestObjectSigningAlgValuesSupported:     RequestObjectSigAlgorithms(config),
 		TokenEndpointAuthMethodsSupported:          AuthMethodsTokenEndpoint(config),
 		TokenEndpointAuthSigningAlgValuesSupported: TokenSigAlgorithms(config),