Diffstat (limited to 'src')
-rw-r--r-- | src/reclaim/plugin_rest_openid_connect.c | 90 |
1 files changed, 90 insertions, 0 deletions
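--- a/src/reclaim/plugin_rest_openid_connect.c
+++ b/src/reclaim/plugin_rest_openid_connect.c
@@ -41,12 +41,18 @@
 #include "gnunet_signatures.h"
 #include "microhttpd.h"
 #include "oidc_helper.h"
+
 /**
 * REST root namespace
 */
 #define GNUNET_REST_API_NS_OIDC "/openid"
 
 /**
+* OIDC config
+*/
+#define GNUNET_REST_API_NS_OIDC_CONFIG "/.well-known/openid-configuration"
+
+/**
 * Authorize endpoint
 */
 #define GNUNET_REST_API_NS_AUTHORIZE "/openid/authorize"
@@ -2427,6 +2433,88 @@ list_ego (void *cls,
 }
 
 
+static void
+oidc_config_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
+const char *url,
+void *cls)
+{
+json_t *oidc_config;
+json_t *auth_methods;
+json_t *sig_algs;
+json_t *scopes;
+json_t *response_types;
+json_t *sub_types;
+json_t *claim_types;
+char *oidc_config_str;
+struct MHD_Response *resp;
+struct RequestHandle *handle = cls;
+
+oidc_config = json_object ();
+// FIXME get from config?
+json_object_set_new (oidc_config,
+"issuer", json_string ("https://api.reclaim"));
+json_object_set_new (oidc_config,
+"authorization_endpoint",
+json_string ("https://api.reclaim/openid/authorize"));
+json_object_set_new (oidc_config,
+"token_endpoint",
+json_string ("http://localhost:7776/openid/token"));
+auth_methods = json_array ();
+json_array_append_new (auth_methods,
+json_string ("client_secret_basic"));
+json_array_append_new (auth_methods,
+json_string ("client_secret_post"));
+json_object_set_new (oidc_config,
+"token_endpoint_auth_methods_supported",
+auth_methods);
+sig_algs = json_array ();
+json_array_append_new (sig_algs,
+json_string ("HS512"));
+json_object_set_new (oidc_config,
+"id_token_signing_alg_values_supported",
+sig_algs);
+json_object_set_new (oidc_config,
+"userinfo_endpoint",
+json_string ("http://localhost:7776/openid/userinfo"));
+scopes = json_array ();
+json_array_append_new (scopes,
+json_string ("openid"));
+json_array_append_new (scopes,
+json_string ("profile"));
+json_object_set_new (oidc_config,
+"scopes_supported",
+scopes);
+response_types = json_array ();
+json_array_append_new (response_types,
+json_string ("code"));
+json_object_set_new (oidc_config,
+"response_types_supported",
+response_types);
+sub_types = json_array ();
+json_array_append_new (sub_types,
+json_string ("public")); /* no pairwise suppport */
+json_object_set_new (oidc_config,
+"subject_types_supported",
+sub_types);
+claim_types = json_array ();
+json_array_append_new (claim_types,
+json_string ("normal"));
+json_array_append_new (claim_types,
+json_string ("aggregated"));
+json_object_set_new (oidc_config,
+"claim_types_supported",
+claim_types);
+json_object_set_new (oidc_config,
+"claims_parameter_supported",
+json_boolean (1));
+oidc_config_str = json_dumps (oidc_config, JSON_INDENT (1));
+resp = GNUNET_REST_create_response (oidc_config_str);
+handle->proc (handle->proc_cls, resp, MHD_HTTP_OK);
+GNUNET_free (oidc_config_str);
+cleanup_handle (handle);
+}
+
+
 static enum GNUNET_GenericReturnValue
 rest_identity_process_request (struct GNUNET_REST_RequestHandle *rest_handle,
 GNUNET_REST_ResultProcessor proc,
@@ -2442,6 +2530,8 @@ rest_identity_process_request (struct GNUNET_REST_RequestHandle *rest_handle,
 { MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_TOKEN, &token_endpoint },
 { MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_USERINFO, &userinfo_endpoint },
 { MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_USERINFO, &userinfo_endpoint },
+{ MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_OIDC_CONFIG,
+&oidc_config_endpoint },
 { MHD_HTTP_METHOD_OPTIONS, GNUNET_REST_API_NS_OIDC, &options_cont },
 GNUNET_REST_HANDLER_END };
 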
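Review bot: oidc_config_endpoint leaks the json_t tree created by json_object () on every request — json_dumps does not consume the reference and nothing calls json_decref before cleanup_handle. Add `json_decref (oidc_config);` directly after the json_dumps call, and check its result, since json_dumps can return NULL, with `if (NULL == oidc_config_str) { handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; /* fail via the plugin's error path */ }` rather than handing NULL to GNUNET_REST_create_response. The document advertises issuer and authorization_endpoint under "https://api.reclaim" but token_endpoint and userinfo_endpoint under "http://localhost:7776"; relying parties check the `iss` claim and endpoint origins against exactly these values, so the host mismatch (and plain http for the token and userinfo endpoints) will break discovery-based validation until the FIXME on the issuer line is resolved by reading all of them from the configuration. OpenID Connect Discovery also lists jwks_uri as a required member; with only HS512 advertised there is no key set to publish, which deserves a comment such as `/* no jwks_uri: ID tokens are HMAC-signed (HS512), no public key set */` so the omission reads as intentional.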