|
@@ -0,0 +1,49 @@
|
|
|
+package sso
|
|
|
+
|
|
|
+import (
|
|
|
+ "encoding/json"
|
|
|
+ "net/http"
|
|
|
+)
|
|
|
+
|
|
|
+type OpenIDConfiguration struct {
|
|
|
+ Issuer string `json:"issuer"`
|
|
|
+ AuthorizationEndpoint string `json:"authorization_endpoint"`
|
|
|
+ TokenEndpoint string `json:"token_endpoint"`
|
|
|
+ JwksUri string `json:"jwks_uri"`
|
|
|
+ ResponseTypesSupported []string `json:"response_types_supported"`
|
|
|
+ SubjectTypesSupported []string `json:"subject_types_supported"`
|
|
|
+ IDTokenSigningAlgValuesSupported []string `json:"id_token_signing_alg_values_supported"`
|
|
|
+ ClaimsSupported []string `json:"claims_supported"`
|
|
|
+}
|
|
|
+
|
|
|
+func (h *SSOHandler) HandleDiscoveryRequest(w http.ResponseWriter, r *http.Request) {
|
|
|
+ //Handle the discovery request
|
|
|
+ discovery := OpenIDConfiguration{
|
|
|
+ Issuer: "https://" + h.Config.AuthURL,
|
|
|
+ AuthorizationEndpoint: "https://" + h.Config.AuthURL + "/oauth2/auth",
|
|
|
+ TokenEndpoint: "https://" + h.Config.AuthURL + "/oauth2/token",
|
|
|
+ JwksUri: "https://" + h.Config.AuthURL + "/jwks.json",
|
|
|
+ ResponseTypesSupported: []string{"code", "token"},
|
|
|
+ SubjectTypesSupported: []string{"public"},
|
|
|
+ IDTokenSigningAlgValuesSupported: []string{
|
|
|
+ "RS256",
|
|
|
+ },
|
|
|
+ ClaimsSupported: []string{
|
|
|
+ "sub", //Subject, usually the user ID
|
|
|
+ "iss", //Issuer, usually the server URL
|
|
|
+ "aud", //Audience, usually the client ID
|
|
|
+ "exp", //Expiration Time
|
|
|
+ "iat", //Issued At
|
|
|
+ "email", //Email
|
|
|
+ "locale", //Locale
|
|
|
+ "name", //Full Name
|
|
|
+ "nickname", //Nickname
|
|
|
+ "preferred_username", //Preferred Username
|
|
|
+ "website", //Website
|
|
|
+ },
|
|
|
+ }
|
|
|
+
|
|
|
+ //Write the response
|
|
|
+ js, _ := json.Marshal(discovery)
|
|
|
+ w.Write(js)
|
|
|
+}
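Review bot: The response is written without a `Content-Type` header, so Go's content sniffing will label the discovery document as `text/plain` and clients that check the media type may refuse it; add `w.Header().Set("Content-Type", "application/json")` before `w.Write(js)`, and handle the `json.Marshal` error instead of discarding it with `_`. `ResponseTypesSupported` advertises a bare `"token"`, which is the OAuth 2.0 implicit grant: it returns the access token in the redirect URL and is discouraged by current OAuth security guidance, so unless the authorization endpoint deliberately implements it, advertise only `"code"`. `Issuer` and the endpoint URLs are built by prefixing `"https://"` to `h.Config.AuthURL`, and the issuer must match the `iss` claim of issued tokens exactly; presumably `AuthURL` is a bare host with no scheme or trailing slash, which is worth validating when the config is loaded. A doc comment such as `// HandleDiscoveryRequest serves the OpenID Connect discovery document built from h.Config.AuthURL.` would say more than the current `//Handle the discovery request`.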
|