fix.

README.md

@@ -1,35 +1,28 @@
 # OpenIDConnectOp Sample
 
-A sample OpenID Connect Provider (OP or IdP) using the `openid_connect` gem.
+A sample OpenID Connect Provider (OP or IdP) using the `openid_connect` gem. The Authorization Code Flow.
 
 Ruby on Rails 6.1. See https://www.nslabs.jp/digital-identity.rhtml
 
 
+
 ## Resources
 
 For this sample:
  * View source on GitHub:   https://github.com/netsphere-labs/openid_connect_sample/
 
 For more information, see readme and wiki for `openid_connect` gem:
+ * https://github.com/nov/openid_connect/
 
-* https://github.com/nov/openid_connect
+OAuth 2.0 server library:
+ * https://github.com/nov/rack-oauth2/
 
 
 Also of interest, the corresponding sample RP:
- * [OmniAuth2, OpenID Connect sample](https://gitlab.com/netsphere/rails-examples/-/tree/main/omniauth-oidc-rp-sample) the Authorization Code Flow, the Implicit Flow. And, Single Logout (SLO) based on OpenID Connect RP-Initiated Logout 1.0.
- * [OpenID Connect - Implicit Flow Relying Party (RP) sample](https://github.com/netsphere-labs/openid-connect-implicit-flow-rp-sample/)
-
-
-## Live Example
+ * [OmniAuth2, OpenID Connect RP sample](https://gitlab.com/netsphere/rails-examples/-/tree/main/omniauth-oidc-rp-sample/) the Authorization Code Flow, the Implicit Flow. And, Single Logout (SLO) based on OpenID Connect RP-Initiated Logout 1.0.
 
-Nov has this sample running on Heroku: https://connect-op.herokuapp.com
+ * [OpenID Connect - Implicit Flow Relying Party (RP) sample](https://github.com/netsphere-labs/openid-connect-implicit-flow-rp-sample/)
 
-To see it in action right now:
-
-* visit [Nov's Sample RP on Heroku](https://connect-rp.herokuapp.com)
-* enter `connect-op.herokuapp.com` in the form
-* press "Discover"
-* the RP will use the OP to authenticate
 
 
 ## How to Run This Example on Your Machine
@@ -47,11 +40,14 @@ This sample application does not use "omniauth-openid-connect" gem.
 
 To run this in development mode on your local machine:
 
-* Download (or fork or clone) this repo
-* `bundle install` (see "Note" section below if you get "pg"-gem-related problems)
+ 1. Download (or fork or clone) this repo
+
+ 2. `bundle install` (see "Note" section below if you get "pg"-gem-related problems)
 
-`config/database.yml.sample` ファイルを `config/database.yml` にコピーして、適宜編集。
+ 3. `config/database.yml.sample` ファイルを `database.yml` にコピーして、適宜編集。
 
+ 4. Setup database
+
 <pre>
   # su postgres
   $ createdb --owner rails --encoding utf-8 openid-connect-sample_dev
@@ -62,30 +58,54 @@ To run this in development mode on your local machine:
   $ rails db:seed
 </pre>
 
-  If you have SQLite installed, `db:create` is not needed.
+  5. Copy `config/connect/facebook.yml.sample` to `facebook.yml`. And Google's.
+
+   Set `client_id` and `client_secret`
 
-* modify `config/connect/id_token/issuer.yml` -- change `issuer` to `http://localhost:3000`
+  6. Modify `config/connect/id_token/issuer.yml` -- change `issuer` value to `http://localhost:3000`
+
+  7. Run!
+
 ```
-  $ <kbd>bundle exec rails server -p 3000</kbd>
+  $ bin/yarn
+  $ bundle exec rails server -p 3000
 ```
 
-production 環境の場合は, 次のようにする.
+production 環境の場合は, まず、次のようにしてコンパイルする。
 
+```
   $ RAILS_ENV=production bin/rails assets:precompile
+```
 
 次のようなシェルスクリプトを作る
 
-```
+```bash
 export g_client_id=クライアントid
 export g_client_secret=クライアントsecret
 RAILS_ENV=production passenger start
 ```
 
 
+### 使い方
+
+ 1. Facebook または Google でログインする
+
+Admin user としてログインする。
+
+ 2. [Register New Client...] から, RPを登録する。
+
+redirect_uri は複数登録可能。
+
+ 3. RP側で, client_id, client_secret を登録する。
+
+
+To see it in action right now:
+
+* press "Discover"
+* the RP will use the OP to authenticate
+
+
 
-Facebook
-   Copy `config/connect/facebook.yml` from `facebook.yml.sample`
-   Set `client_id` and `client_secret`
 
 Point your browser at http://localhost:3000
 

app/controllers/discovery_controller.rb

@@ -46,7 +46,7 @@ def openid_configuration
     config = OpenIDConnect::Discovery::Provider::Config::Response.new(
       issuer: IdToken.config[:issuer],
       authorization_endpoint: new_authorization_url,
-      token_endpoint: tokens_url,
+      token_endpoint: access_tokens_url,
       userinfo_endpoint: user_info_url,
       jwks_uri: IdToken.config[:jwks_uri],
       #registration_endpoint: connect_client_url,

app/controllers/tokens_controller.rb

@@ -2,7 +2,7 @@
 
 # Token Endpoint
 # The Authorization Code Flow: アクセストークンと id token の二つを返す.
-class AccessTokensController < ApplicationController
+class TokensController < ApplicationController
   protect_from_forgery with: :null_session
 
   # POST /access_tokens
@@ -45,7 +45,7 @@ def token_endpoint
     end
   end
 
-end # class AccessTokensController
+end # class TokensController
 
 module Rack
   module OAuth2