Merge pull request #68 from fleetyards/feat/oidc/config

feat(auth): add oidc well known config
fleetyards · Apr 2, 2023 · afd96d3 · afd96d3
2 parents 8611831 + f80c475
commit afd96d3
Show file tree

Hide file tree

Showing 4 changed files with 53 additions and 0 deletions.
diff --git a/apps/ex_fleet_yards_api/lib/ex_fleet_yards_api/api_spec.ex b/apps/ex_fleet_yards_api/lib/ex_fleet_yards_api/api_spec.ex
@@ -45,6 +45,10 @@ defmodule ExFleetYardsApi.ApiSpec do
                 scopes: scope_list()
               }
             }
+          },
+          "openId" => %SecurityScheme{
+            type: "openIdConnect",
+            openIdConnectUrl: get_oid_conf_url()
           }
         }
       }
@@ -72,6 +76,19 @@ defmodule ExFleetYardsApi.ApiSpec do
     end
   end
 
+  defp get_oid_conf_url do
+    case Code.ensure_compiled(ExFleetYardsAuth.Router.Helpers) do
+      {:module, _} ->
+        ExFleetYardsAuth.Router.Helpers.configuration_path(
+          ExFleetYardsAuth.Endpoint,
+          :configuration
+        )
+
+      {:error, _} ->
+        "https://#{Application.get_env(:ex_fleet_yards_api, :auth_domain)}/.well-known/openid-configuration"
+    end
+  end
+
   defp scope_list do
     ExFleetYards.Scopes.scope_list()
     |> Enum.map(fn

diff --git a/...x_fleet_yards_auth/lib/ex_fleet_yards_auth/controllers/openid/configuration_controller.ex b/...x_fleet_yards_auth/lib/ex_fleet_yards_auth/controllers/openid/configuration_controller.ex
@@ -0,0 +1,31 @@
+defmodule ExFleetYardsAuth.Openid.ConfigurationController do
+  use ExFleetYardsAuth, :controller
+
+  plug :put_view, json: ExFleetYardsAuth.Openid.Json
+
+  def configuration(conn, _params) do
+    issuer = Boruta.Config.issuer()
+    base_url = ExFleetYardsAuth.Endpoint.url()
+    # TODO: userinfo (#67)
+
+    config = %{
+      issuer: issuer,
+      auth_endpoint: base_url <> ~p"/oauth/authorize",
+      token_endpoint: base_url <> ~p"/oauth/token",
+      jwks_url: base_url <> ~p"/openid/certs",
+      scopes_supported: scope_list(),
+      response_types_supported: ["id_token", "code id_token", "id_token token"],
+      grant_types_supported: Boruta.Oauth.Client.grant_types(),
+      subject_types_supported: ["public"],
+      id_token_signing_alg_values_supported: ["RS256"],
+      claims_supported: ["sub", "email", "nickname", "hangar_updated_at", "public_hangar"]
+    }
+
+    render(conn, :configuration, config: config)
+  end
+
+  defp scope_list do
+    ExFleetYards.Scopes.scope_list()
+    |> Enum.map(fn {scope, _} -> scope end)
+  end
+end
diff --git a/apps/ex_fleet_yards_auth/lib/ex_fleet_yards_auth/controllers/openid/json.ex b/apps/ex_fleet_yards_auth/lib/ex_fleet_yards_auth/controllers/openid/json.ex
@@ -9,4 +9,8 @@ defmodule ExFleetYardsAuth.Openid.Json do
   def userinfo(%{userinfo: userinfo}) do
     userinfo
   end
+
+  def configuration(%{config: config}) do
+    config
+  end
 end
diff --git a/apps/ex_fleet_yards_auth/lib/ex_fleet_yards_auth/router.ex b/apps/ex_fleet_yards_auth/lib/ex_fleet_yards_auth/router.ex
@@ -61,5 +61,6 @@ defmodule ExFleetYardsAuth.Router do
     pipe_through [:api]
 
     get "/openid/certs", Openid.JwksController, :jwks_index
+    get "/.well-known/openid-configuration", Openid.ConfigurationController, :configuration
   end
 end