userinfo and more

2019-12-10 14:50:39 +01:00 · 2019-12-10 14:50:39 +01:00 · 85814fb69a
commit 85814fb69a
parent 7210be8e4b
12 changed files with 702 additions and 134 deletions
--- a/pkg/op/discovery.go
+++ b/pkg/op/discovery.go
@ -20,27 +20,38 @@ func CreateDiscoveryConfig(c Configuration, s Signer) *oidc.DiscoveryConfigurati
 		UserinfoEndpoint: c.UserinfoEndpoint().Absolute(c.Issuer()),
 		// EndSessionEndpoint: c.TokenEndpoint().Absolute(c.Issuer())(c.EndSessionEndpoint),
 		// CheckSessionIframe: c.TokenEndpoint().Absolute(c.Issuer())(c.CheckSessionIframe),
-		JwksURI:                c.KeysEndpoint().Absolute(c.Issuer()),
-		ScopesSupported:        scopes(c),
-		ResponseTypesSupported: responseTypes(c),
-		GrantTypesSupported:    grantTypes(c),
-		// ClaimsSupported:                   oidc.SupportedClaims,
-		IDTokenSigningAlgValuesSupported:  sigAlgorithms(s),
-		SubjectTypesSupported:             subjectTypes(c),
-		TokenEndpointAuthMethodsSupported: authMethods(c.AuthMethodBasicSupported(), c.AuthMethodPostSupported()),
+		JwksURI:                           c.KeysEndpoint().Absolute(c.Issuer()),
+		ScopesSupported:                   Scopes(c),
+		ResponseTypesSupported:            ResponseTypes(c),
+		GrantTypesSupported:               GrantTypes(c),
+		ClaimsSupported:                   SupportedClaims(c),
+		IDTokenSigningAlgValuesSupported:  SigAlgorithms(s),
+		SubjectTypesSupported:             SubjectTypes(c),
+		TokenEndpointAuthMethodsSupported: AuthMethods(c),
 	}
 }

-func scopes(c Configuration) []string {
-	return []string{
-		"openid",
-		"profile",
-		"email",
-		"phone",
-	} //TODO: config
+const (
+	ScopeOpenID  = "openid"
+	ScopeProfile = "profile"
+	ScopeEmail   = "email"
+	ScopePhone   = "phone"
+	ScopeAddress = "address"
+)
+
+var DefaultSupportedScopes = []string{
+	ScopeOpenID,
+	ScopeProfile,
+	ScopeEmail,
+	ScopePhone,
+	ScopeAddress,
 }

-func responseTypes(c Configuration) []string {
+func Scopes(c Configuration) []string {
+	return DefaultSupportedScopes //TODO: config
+}
+
+func ResponseTypes(c Configuration) []string {
 	return []string{
 		"code",
 		"id_token",
@ -51,7 +62,7 @@ func responseTypes(c Configuration) []string {
 	}
 }

-func grantTypes(c Configuration) []string {
+func GrantTypes(c Configuration) []string {
 	return []string{
 		"client_credentials",
 		"authorization_code",
@ -60,23 +71,49 @@ func grantTypes(c Configuration) []string {
 	}
 }

-func sigAlgorithms(s Signer) []string {
+func SupportedClaims(c Configuration) []string {
+	return []string{ //TODO: config
+		"sub",
+		"aud",
+		"exp",
+		"iat",
+		"iss",
+		"auth_time",
+		"nonce",
+		"acr",
+		"amr",
+		"c_hash",
+		"at_hash",
+		"act",
+		"scopes",
+		"client_id",
+		"azp",
+		"preferred_username",
+		"name",
+		"family_name",
+		"given_name",
+		"locale",
+		"email",
+		"email_verified",
+		"phone_number",
+		"phone_number_verified",
+	}
+}
+
+func SigAlgorithms(s Signer) []string {
 	return []string{string(s.SignatureAlgorithm())}
 }

-func subjectTypes(c Configuration) []string {
+func SubjectTypes(c Configuration) []string {
 	return []string{"public"} //TODO: config
 }

-func authMethods(basic, post bool) []string {
-	authMethods := make([]string, 0, 2)
-	if basic {
-		// if c.AuthMethodBasicSupported() {
-		authMethods = append(authMethods, authMethodBasic)
+func AuthMethods(c Configuration) []string {
+	authMethods := []string{
+		AuthMethodBasic,
 	}
-	if post {
-		// if c.AuthMethodPostSupported() {
-		authMethods = append(authMethods, authMethodPost)
+	if c.AuthMethodPostSupported() {
+		authMethods = append(authMethods, AuthMethodPost)
 	}
 	return authMethods
 }