well-known openid configuration
parent
d11403a073
commit
c82ed0e9aa
@ -37,7 +37,7 @@
|
|||||||
"reveal": "Reveal secret",
|
"reveal": "Reveal secret",
|
||||||
"regenerate": "Regenerate secret",
|
"regenerate": "Regenerate secret",
|
||||||
"activated": "Activated",
|
"activated": "Activated",
|
||||||
"verified": "Verified",
|
"verified": "Official",
|
||||||
"scopes": "Available scopes",
|
"scopes": "Available scopes",
|
||||||
"scopesHint": "The level of access to information you will be needing for this application.",
|
"scopesHint": "The level of access to information you will be needing for this application.",
|
||||||
"grants": "Available grant types",
|
"grants": "Available grant types",
|
||||||
|
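--- a/src/params/wellKnown.ts
+++ b/src/params/wellKnown.ts
@@ -0,0 +1,6 @@
+import type { ParamMatcher } from '@sveltejs/kit';
+
+export const match: ParamMatcher = (param) => {
+const isWellKnownPath = /^\.well-known$/i.test(param);
+return isWellKnownPath;
+};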
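Review bot: The `i` flag on `/^\.well-known$/i` makes the matcher accept `.WELL-KNOWN`, `.Well-Known` and every other case variant, so each document under the `[...wellKnown=wellKnown]` route is reachable at several URLs, while RFC 8615 defines the prefix in lowercase only. A single canonical path is easier to cover with cache, rate-limit and log-matching rules, and it is the only form the discovery document in this commit advertises. Consider `return param === '.well-known';`, which also drops the intermediate variable. A short comment above `match` saying why the segment needs a matcher at all would help the next reader.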
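--- a/src/routes/[...wellKnown=wellKnown]/jwks.json/+server.ts
+++ b/src/routes/[...wellKnown=wellKnown]/jwks.json/+server.ts
@@ -0,0 +1,13 @@
+import { JWT_ALGORITHM } from '$env/static/private';
+import { ApiUtils } from '$lib/server/api-utils';
+import { JWT } from '$lib/server/jwt';
+import { exportJWK } from 'jose';
+import { v4 as uuidv4 } from 'uuid';
+
+const jwks = await exportJWK(JWT.publicKey);
+const kid = uuidv4({ random: Buffer.from(jwks.n as string).subarray(0, 16) });
+
+export const GET = async () =>
+ApiUtils.json({
+keys: [{ alg: JWT_ALGORITHM, kid, ...jwks, use: 'sig' }]
+});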
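Review bot: The `kid` on the `const kid = …` line is derived from `jwks.n`, which exists only on RSA keys; with an EC or OKP key selected through `JWT_ALGORITHM`, `jwks.n` is undefined, `Buffer.from` throws during the top-level await, and the route fails to load. The value is also not a digest of the key: it is the first 16 characters of the base64url modulus text run through the UUID formatter. jose ships the RFC 7638 thumbprint for this purpose, so `import { calculateJwkThumbprint, exportJWK } from 'jose';` with `const kid = await calculateJwkThumbprint(jwks);` covers every key type. The signer in `$lib/server/jwt` is not visible in this commit and has to put the same `kid` in the token header, otherwise verifiers cannot select the key. Because `...jwks` publishes every member `exportJWK` returns, it is worth confirming that `JWT.publicKey` can never hold the private key.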
@ -0,0 +1,33 @@
|
|||||||
|
import { JWT_ALGORITHM, JWT_ISSUER } from '$env/static/private';
|
||||||
|
import { PUBLIC_URL } from '$env/static/public';
|
||||||
|
import { ApiUtils } from '$lib/server/api-utils';
|
||||||
|
|
||||||
|
export const GET = async () =>
|
||||||
|
ApiUtils.json({
|
||||||
|
issuer: JWT_ISSUER,
|
||||||
|
authorization_endpoint: `${PUBLIC_URL}/oauth2/authorize`,
|
||||||
|
token_endpoint: `${PUBLIC_URL}/oauth2/token`,
|
||||||
|
jwks_uri: `${PUBLIC_URL}/.well-known/jwks.json`,
|
||||||
|
userinfo_endpoint: `${PUBLIC_URL}/api/user`,
|
||||||
|
introspection_endpoint: `${PUBLIC_URL}/oauth2/introspect`,
|
||||||
|
response_types_supported: ['code', 'id_token'],
|
||||||
|
id_token_signing_alg_values_supported: [JWT_ALGORITHM],
|
||||||
|
subject_types_supported: ['public'],
|
||||||
|
scopes_supported: ['openid', 'profile', 'picture', 'email'],
|
||||||
|
claims_supported: [
|
||||||
|
'aud',
|
||||||
|
'exp',
|
||||||
|
'iat',
|
||||||
|
'iss',
|
||||||
|
'sub',
|
||||||
|
'name',
|
||||||
|
'preferred_username',
|
||||||
|
'nickname',
|
||||||
|
'picture',
|
||||||
|
'updated_at',
|
||||||
|
'email',
|
||||||
|
'email_verified'
|
||||||
|
],
|
||||||
|
code_challenge_methods_supported: ['plain', 'S256'],
|
||||||
|
grant_types_supported: ['authorization_code', 'refresh_token']
|
||||||
|
});
|
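Review bot: `code_challenge_methods_supported: ['plain', 'S256']` advertises the `plain` PKCE method, which gives no protection once the authorization request has been observed, because the challenge is the verifier; RFC 9700 recommends methods that do not expose the verifier, which today means `S256`. If the authorize endpoint (not shown in this commit) can refuse `plain`, the line should read `code_challenge_methods_supported: ['S256'],`. `response_types_supported` lists `id_token`, an implicit-flow response type, while `grant_types_supported` omits `implicit`, so one of the two lists likely misstates what the server does. `issuer` comes from `JWT_ISSUER` while every endpoint is built from `PUBLIC_URL`; OpenID Connect Discovery clients compare the issuer with the URL the document was fetched from, so the two settings have to agree.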