well-known openid configuration

2024-06-02 13:14:29 +03:00 · 2024-06-02 13:14:29 +03:00 · c82ed0e9aa
commit c82ed0e9aa
parent d11403a073
4 changed files with 53 additions and 1 deletions
--- a/src/lib/i18n/en/admin.json
+++ b/src/lib/i18n/en/admin.json
@ -37,7 +37,7 @@
    "reveal": "Reveal secret",
    "regenerate": "Regenerate secret",
    "activated": "Activated",
-    "verified": "Verified",
+    "verified": "Official",
    "scopes": "Available scopes",
    "scopesHint": "The level of access to information you will be needing for this application.",
    "grants": "Available grant types",
--- a/src/params/wellKnown.ts
+++ b/src/params/wellKnown.ts
@ -0,0 +1,6 @@
+import type { ParamMatcher } from '@sveltejs/kit';
+
+export const match: ParamMatcher = (param) => {
+	const isWellKnownPath = /^\.well-known$/i.test(param);
+	return isWellKnownPath;
+};
--- a/src/routes/[...wellKnown=wellKnown]/jwks.json/+server.ts
+++ b/src/routes/[...wellKnown=wellKnown]/jwks.json/+server.ts
@ -0,0 +1,13 @@
+import { JWT_ALGORITHM } from '$env/static/private';
+import { ApiUtils } from '$lib/server/api-utils';
+import { JWT } from '$lib/server/jwt';
+import { exportJWK } from 'jose';
+import { v4 as uuidv4 } from 'uuid';
+
+const jwks = await exportJWK(JWT.publicKey);
+const kid = uuidv4({ random: Buffer.from(jwks.n as string).subarray(0, 16) });
+
+export const GET = async () =>
+	ApiUtils.json({
+		keys: [{ alg: JWT_ALGORITHM, kid, ...jwks, use: 'sig' }]
+	});
--- a/src/routes/[...wellKnown=wellKnown]/openid-configuration/+server.ts
+++ b/src/routes/[...wellKnown=wellKnown]/openid-configuration/+server.ts
@ -0,0 +1,33 @@
+import { JWT_ALGORITHM, JWT_ISSUER } from '$env/static/private';
+import { PUBLIC_URL } from '$env/static/public';
+import { ApiUtils } from '$lib/server/api-utils';
+
+export const GET = async () =>
+	ApiUtils.json({
+		issuer: JWT_ISSUER,
+		authorization_endpoint: `${PUBLIC_URL}/oauth2/authorize`,
+		token_endpoint: `${PUBLIC_URL}/oauth2/token`,
+		jwks_uri: `${PUBLIC_URL}/.well-known/jwks.json`,
+		userinfo_endpoint: `${PUBLIC_URL}/api/user`,
+		introspection_endpoint: `${PUBLIC_URL}/oauth2/introspect`,
+		response_types_supported: ['code', 'id_token'],
+		id_token_signing_alg_values_supported: [JWT_ALGORITHM],
+		subject_types_supported: ['public'],
+		scopes_supported: ['openid', 'profile', 'picture', 'email'],
+		claims_supported: [
+			'aud',
+			'exp',
+			'iat',
+			'iss',
+			'sub',
+			'name',
+			'preferred_username',
+			'nickname',
+			'picture',
+			'updated_at',
+			'email',
+			'email_verified'
+		],
+		code_challenge_methods_supported: ['plain', 'S256'],
+		grant_types_supported: ['authorization_code', 'refresh_token']
+	});