Diffstat (limited to 'src')
-rw-r--r--src/reclaim/plugin_rest_openid_connect.c90
1 files changed, 90 insertions, 0 deletions
diff --git a/src/reclaim/plugin_rest_openid_connect.c b/src/reclaim/plugin_rest_openid_connect.c
index 64782fb72..39eb9701a 100644
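--- a/src/reclaim/plugin_rest_openid_connect.c
+++ b/src/reclaim/plugin_rest_openid_connect.c
@@ -41,12 +41,18 @@
 #include "gnunet_signatures.h"
 #include "microhttpd.h"
 #include "oidc_helper.h"
+
 /**
  * REST root namespace
  */
 #define GNUNET_REST_API_NS_OIDC "/openid"
 
 /**
+ * OIDC config
+ */
+#define GNUNET_REST_API_NS_OIDC_CONFIG "/.well-known/openid-configuration"
+
+/**
  * Authorize endpoint
  */
 #define GNUNET_REST_API_NS_AUTHORIZE "/openid/authorize"
@@ -2427,6 +2433,88 @@ list_ego (void *cls,
 }
 
 
+static void
+oidc_config_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
+ const char *url,
+ void *cls)
+{
+ json_t *oidc_config;
+ json_t *auth_methods;
+ json_t *sig_algs;
+ json_t *scopes;
+ json_t *response_types;
+ json_t *sub_types;
+ json_t *claim_types;
+ char *oidc_config_str;
+ struct MHD_Response *resp;
+ struct RequestHandle *handle = cls;
+
+ oidc_config = json_object ();
+ // FIXME get from config?
+ json_object_set_new (oidc_config,
+ "issuer", json_string ("https://api.reclaim"));
+ json_object_set_new (oidc_config,
+ "authorization_endpoint",
+ json_string ("https://api.reclaim/openid/authorize"));
+ json_object_set_new (oidc_config,
+ "token_endpoint",
+ json_string ("http://localhost:7776/openid/token"));
+ auth_methods = json_array ();
+ json_array_append_new (auth_methods,
+ json_string ("client_secret_basic"));
+ json_array_append_new (auth_methods,
+ json_string ("client_secret_post"));
+ json_object_set_new (oidc_config,
+ "token_endpoint_auth_methods_supported",
+ auth_methods);
+ sig_algs = json_array ();
+ json_array_append_new (sig_algs,
+ json_string ("HS512"));
+ json_object_set_new (oidc_config,
+ "id_token_signing_alg_values_supported",
+ sig_algs);
+ json_object_set_new (oidc_config,
+ "userinfo_endpoint",
+ json_string ("http://localhost:7776/openid/userinfo"));
+ scopes = json_array ();
+ json_array_append_new (scopes,
+ json_string ("openid"));
+ json_array_append_new (scopes,
+ json_string ("profile"));
+ json_object_set_new (oidc_config,
+ "scopes_supported",
+ scopes);
+ response_types = json_array ();
+ json_array_append_new (response_types,
+ json_string ("code"));
+ json_object_set_new (oidc_config,
+ "response_types_supported",
+ response_types);
+ sub_types = json_array ();
+ json_array_append_new (sub_types,
+ json_string ("public")); /* no pairwise suppport */
+ json_object_set_new (oidc_config,
+ "subject_types_supported",
+ sub_types);
+ claim_types = json_array ();
+ json_array_append_new (claim_types,
+ json_string ("normal"));
+ json_array_append_new (claim_types,
+ json_string ("aggregated"));
+ json_object_set_new (oidc_config,
+ "claim_types_supported",
+ claim_types);
+ json_object_set_new (oidc_config,
+ "claims_parameter_supported",
+ json_boolean (1));
+ oidc_config_str = json_dumps (oidc_config, JSON_INDENT (1));
+ resp = GNUNET_REST_create_response (oidc_config_str);
+ handle->proc (handle->proc_cls, resp, MHD_HTTP_OK);
+ GNUNET_free (oidc_config_str);
+ cleanup_handle (handle);
+}
+
+
 static enum GNUNET_GenericReturnValue
 rest_identity_process_request (struct GNUNET_REST_RequestHandle *rest_handle,
  GNUNET_REST_ResultProcessor proc,
@@ -2442,6 +2530,8 @@ rest_identity_process_request (struct GNUNET_REST_RequestHandle *rest_handle,
  { MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_TOKEN, &token_endpoint },
  { MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_USERINFO, &userinfo_endpoint },
  { MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_USERINFO, &userinfo_endpoint },
+ { MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_OIDC_CONFIG,
+ &oidc_config_endpoint },
  { MHD_HTTP_METHOD_OPTIONS, GNUNET_REST_API_NS_OIDC, &options_cont },
  GNUNET_REST_HANDLER_END };
 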
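Review bot: `oidc_config_endpoint` never releases `oidc_config`: after `json_dumps` only the serialized string is freed, so the object and every array attached to it with `json_object_set_new` leak on each GET to the discovery path; add `json_decref (oidc_config);` right after the `json_dumps` call. The `json_dumps` result is also passed unchecked to `GNUNET_REST_create_response`, although it can be NULL on failure. Separately, the document advertises `issuer` and `authorization_endpoint` under `https://api.reclaim` but `token_endpoint` and `userinfo_endpoint` under `http://localhost:7776`. A relying party that follows the metadata would send its `client_secret_basic`/`client_secret_post` credentials and access tokens over plain HTTP to a different origin than the issuer. Those URLs should come from configuration, as the FIXME already hints, and share the issuer's scheme and host.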