From 332269ecf9de59d1f6e1d777402266b046cdd5b4 Mon Sep 17 00:00:00 2001
From: Lakhan Samani
Date: Wed, 23 Feb 2022 11:24:52 +0530
Subject: [PATCH] feat: add well-known config endpoint
---
 server/handlers/openid_config.go | 37 ++++++++++++++++++++++++++++++++
 server/routes/routes.go | 2 ++
 2 files changed, 39 insertions(+)
 create mode 100644 server/handlers/openid_config.go
diff --git a/server/handlers/openid_config.go b/server/handlers/openid_config.go
new file mode 100644
index 0000000..9c22e39
--- /dev/null
+++ b/server/handlers/openid_config.go
@@ -0,0 +1,37 @@
+package handlers
+
+import (
+ "strings"
+
+ "github.com/gin-gonic/gin"
+
+ "github.com/authorizerdev/authorizer/server/constants"
+ "github.com/authorizerdev/authorizer/server/envstore"
+ "github.com/authorizerdev/authorizer/server/utils"
+)
+
+// OpenIDConfigurationHandler handler for open-id configurations
+func OpenIDConfigurationHandler() gin.HandlerFunc {
+ return func(c *gin.Context) {
+ if strings.Contains(envstore.EnvInMemoryStoreObj.GetStringStoreEnvVariable(constants.EnvKeyJwtType), "HS") {
+ c.JSON(400, gin.H{"error": "openid not supported for HSA algorithm"})
+ return
+ }
+
+ issuer := utils.GetHost(c)
+ jwtType := envstore.EnvInMemoryStoreObj.GetStringStoreEnvVariable(constants.EnvKeyJwtType)
+
+ c.JSON(200, gin.H{
+ "issuer": issuer,
+ "authorization_endpoint": issuer + "/authorize",
+ "token_endpoint": issuer + "/oauth/token",
+ "userinfo_endpoint": issuer + "/userinfo",
+ "jwks_uri": issuer + "/jwks.json",
+ "response_types_supported": []string{"code", "token", "id_token", "code token", "code id_token", "token id_token", "code token id_token"},
+ "scopes_supported": []string{"openid", "email", "profile", "email_verified", "given_name", "family_name", "nick_name", "picture"},
+ "response_modes_supported": []string{"query", "fragment", "form_post"},
+ "id_token_signing_alg_values_supported": []string{jwtType},
+ "claims_supported": []string{"aud", "exp", "iss", "iat", "sub", "given_name", "family_name", "middle_name", "nickname", "preferred_username", "picture", "email", "email_verified", "roles", "gender", "birthdate", "phone_number", "phone_number_verified"},
+ })
+ }
+}
diff --git a/server/routes/routes.go b/server/routes/routes.go
index d957f86..23ee36e 100644
--- a/server/routes/routes.go
+++ b/server/routes/routes.go
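Review bot: `issuer`, and every endpoint URL concatenated from it, comes from `utils.GetHost(c)`, which by its signature looks like it derives the host from the incoming request; if that value is read from the `Host` or `X-Forwarded-Host` header, a client can make `/.well-known/openid-configuration` advertise an attacker-chosen issuer and `token_endpoint`/`jwks_uri`, and any cache or proxy in front of this route would then hand that poisoned document to other relying parties. The issuer should come from server configuration (using the request-derived host only as a fallback) and must match the `iss` claim written into issued tokens byte-for-byte, or OIDC clients will reject them. The document also omits `subject_types_supported`, which OpenID Connect Discovery 1.0 marks REQUIRED, so strict clients may refuse it; add `"subject_types_supported": []string{"public"},` next to `id_token_signing_alg_values_supported`. Smaller points: the JWT type is fetched from the env store twice (hoist `jwtType := envstore.EnvInMemoryStoreObj.GetStringStoreEnvVariable(constants.EnvKeyJwtType)` above the guard and test `strings.Contains(jwtType, "HS")`), the 400 message says "HSA" where the rejected family is HMAC/HS, and `scopes_supported` lists claim names (`email_verified`, `given_name`, `nick_name` — which also disagrees with `nickname` in `claims_supported`) rather than scopes. Finally, `response_types_supported` advertises the implicit-flow variants (`token`, `id_token`, `token id_token`, …) that I cannot see `/authorize` implement in this patch; advertise only the response types the authorize endpoint actually handles, since the implicit grant is discouraged by the OAuth 2.0 Security BCP.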
@@ -20,6 +20,8 @@ func InitRouter() *gin.Engine {
 router.GET("/oauth_login/:oauth_provider", handlers.OAuthLoginHandler())
 router.GET("/oauth_callback/:oauth_provider", handlers.OAuthCallbackHandler())
 router.GET("/verify_email", handlers.VerifyEmailHandler())
+ // OPEN ID routes
+ router.GET("/.well-known/openid-configuration", handlers.OpenIDConfigurationHandler())
 router.LoadHTMLGlob("templates/*")
 // login page app related routes.