well-known openid configuration

This commit is contained in:
Evert Prants 2024-06-02 13:14:29 +03:00
parent d11403a073
commit c82ed0e9aa
Signed by: evert
GPG Key ID: 1688DA83D222D0B5
4 changed files with 53 additions and 1 deletions

View File

@ -37,7 +37,7 @@
"reveal": "Reveal secret",
"regenerate": "Regenerate secret",
"activated": "Activated",
"verified": "Verified",
"verified": "Official",
"scopes": "Available scopes",
"scopesHint": "The level of access to information you will be needing for this application.",
"grants": "Available grant types",

6
src/params/wellKnown.ts Normal file
View File

@ -0,0 +1,6 @@
import type { ParamMatcher } from '@sveltejs/kit';
export const match: ParamMatcher = (param) => {
const isWellKnownPath = /^\.well-known$/i.test(param);
return isWellKnownPath;
};

View File

@ -0,0 +1,13 @@
import { JWT_ALGORITHM } from '$env/static/private';
import { ApiUtils } from '$lib/server/api-utils';
import { JWT } from '$lib/server/jwt';
import { exportJWK } from 'jose';
import { v4 as uuidv4 } from 'uuid';
const jwks = await exportJWK(JWT.publicKey);
const kid = uuidv4({ random: Buffer.from(jwks.n as string).subarray(0, 16) });
export const GET = async () =>
ApiUtils.json({
keys: [{ alg: JWT_ALGORITHM, kid, ...jwks, use: 'sig' }]
});

View File

@ -0,0 +1,33 @@
import { JWT_ALGORITHM, JWT_ISSUER } from '$env/static/private';
import { PUBLIC_URL } from '$env/static/public';
import { ApiUtils } from '$lib/server/api-utils';
export const GET = async () =>
ApiUtils.json({
issuer: JWT_ISSUER,
authorization_endpoint: `${PUBLIC_URL}/oauth2/authorize`,
token_endpoint: `${PUBLIC_URL}/oauth2/token`,
jwks_uri: `${PUBLIC_URL}/.well-known/jwks.json`,
userinfo_endpoint: `${PUBLIC_URL}/api/user`,
introspection_endpoint: `${PUBLIC_URL}/oauth2/introspect`,
response_types_supported: ['code', 'id_token'],
id_token_signing_alg_values_supported: [JWT_ALGORITHM],
subject_types_supported: ['public'],
scopes_supported: ['openid', 'profile', 'picture', 'email'],
claims_supported: [
'aud',
'exp',
'iat',
'iss',
'sub',
'name',
'preferred_username',
'nickname',
'picture',
'updated_at',
'email',
'email_verified'
],
code_challenge_methods_supported: ['plain', 'S256'],
grant_types_supported: ['authorization_code', 'refresh_token']
});