well-known openid configuration
parent
d11403a073
commit
c82ed0e9aa
@ -37,7 +37,7 @@
|
||||
"reveal": "Reveal secret",
|
||||
"regenerate": "Regenerate secret",
|
||||
"activated": "Activated",
|
||||
"verified": "Verified",
|
||||
"verified": "Official",
|
||||
"scopes": "Available scopes",
|
||||
"scopesHint": "The level of access to information you will be needing for this application.",
|
||||
"grants": "Available grant types",
|
||||
|
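--- a/src/params/wellKnown.ts
+++ b/src/params/wellKnown.ts
@@ -0,0 +1,6 @@
+import type { ParamMatcher } from '@sveltejs/kit';
+
+export const match: ParamMatcher = (param) => {
+const isWellKnownPath = /^\.well-known$/i.test(param);
+return isWellKnownPath;
+};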
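Review bot: The `i` flag on `/^\.well-known$/i` makes the matcher accept any casing of the segment, so non-canonical spellings of the path serve the same metadata as `/.well-known/...`. RFC 8615 registers the lowercase prefix and clients build the discovery URL from the issuer verbatim, so an exact comparison is sufficient and keeps a single canonical URL for caching and access rules: `export const match: ParamMatcher = (param) => param === '.well-known';`. A one-line comment explaining why the route goes through a param matcher instead of a literal directory would also help the next reader.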
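--- a/src/routes/[...wellKnown=wellKnown]/jwks.json/+server.ts
+++ b/src/routes/[...wellKnown=wellKnown]/jwks.json/+server.ts
@@ -0,0 +1,13 @@
+import { JWT_ALGORITHM } from '$env/static/private';
+import { ApiUtils } from '$lib/server/api-utils';
+import { JWT } from '$lib/server/jwt';
+import { exportJWK } from 'jose';
+import { v4 as uuidv4 } from 'uuid';
+
+const jwks = await exportJWK(JWT.publicKey);
+const kid = uuidv4({ random: Buffer.from(jwks.n as string).subarray(0, 16) });
+
+export const GET = async () =>
+ApiUtils.json({
+keys: [{ alg: JWT_ALGORITHM, kid, ...jwks, use: 'sig' }]
+});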
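Review bot: The `kid` computed in `const kid = uuidv4({ random: Buffer.from(jwks.n as string).subarray(0, 16) })` depends on `jwks.n`, which exists only for RSA keys and is a base64url string, so `Buffer.from(...)` takes the UTF-8 bytes of its first 16 characters rather than key bytes. If `JWT_ALGORITHM` is ever switched to an EC or OKP algorithm, `n` is undefined and this throws at module load. An RFC 7638 thumbprint is the standard, key-type-independent identifier and needs no `uuid` dependency: import `calculateJwkThumbprint` from `jose` and use `const kid = await calculateJwkThumbprint(jwks);`. Whichever derivation is kept must produce the same `kid` that `$lib/server/jwt` puts in the header of signed tokens, which is not visible in this commit, and a comment next to `exportJWK(JWT.publicKey)` noting that only the public half may ever be passed here would guard against a later mix-up.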
@ -0,0 +1,33 @@
|
||||
import { JWT_ALGORITHM, JWT_ISSUER } from '$env/static/private';
|
||||
import { PUBLIC_URL } from '$env/static/public';
|
||||
import { ApiUtils } from '$lib/server/api-utils';
|
||||
|
||||
export const GET = async () =>
|
||||
ApiUtils.json({
|
||||
issuer: JWT_ISSUER,
|
||||
authorization_endpoint: `${PUBLIC_URL}/oauth2/authorize`,
|
||||
token_endpoint: `${PUBLIC_URL}/oauth2/token`,
|
||||
jwks_uri: `${PUBLIC_URL}/.well-known/jwks.json`,
|
||||
userinfo_endpoint: `${PUBLIC_URL}/api/user`,
|
||||
introspection_endpoint: `${PUBLIC_URL}/oauth2/introspect`,
|
||||
response_types_supported: ['code', 'id_token'],
|
||||
id_token_signing_alg_values_supported: [JWT_ALGORITHM],
|
||||
subject_types_supported: ['public'],
|
||||
scopes_supported: ['openid', 'profile', 'picture', 'email'],
|
||||
claims_supported: [
|
||||
'aud',
|
||||
'exp',
|
||||
'iat',
|
||||
'iss',
|
||||
'sub',
|
||||
'name',
|
||||
'preferred_username',
|
||||
'nickname',
|
||||
'picture',
|
||||
'updated_at',
|
||||
'email',
|
||||
'email_verified'
|
||||
],
|
||||
code_challenge_methods_supported: ['plain', 'S256'],
|
||||
grant_types_supported: ['authorization_code', 'refresh_token']
|
||||
});
|
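Review bot: `code_challenge_methods_supported: ['plain', 'S256']` advertises the `plain` PKCE method, where the challenge sent in the authorization request is the verifier itself, so PKCE adds no protection whenever that request can be observed. Unless a legacy client requires it, advertise only the hashed method, `code_challenge_methods_supported: ['S256'],`, and confirm that the authorize and token handlers (outside this commit) reject `plain` as well. Separately, `response_types_supported` lists `id_token` while `grant_types_supported` has no `implicit`, so one of the two lists looks wrong. Also, `issuer` is taken from `JWT_ISSUER` while every endpoint is built from `PUBLIC_URL`; OIDC Discovery expects the issuer to be the URL prefix this document is served under, so the two values should be derived from one setting or checked for equality at startup.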