author | Noah Snelson <noah.snelson@protonmail.com> | 2023-07-20 01:02:45 -0700 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-07-20 16:02:45 +0800 |
commit | df55f9b189174767296e562389948e5250f1df73 (patch) | |
tree | b734b612c7cb3d145dbfe376d78419cca846e1c4 | |
parent | 01c04607c76391e09620c6f2475b722207d2ee73 (diff) | |
Add a link to OpenID Issuer URL in WebFinger response (#26000)
This change adds an entry to the `links` field of the
`/.well-known/webfinger` response. The new entry points to the `appURL`
as an OpenID issuer. This is consistent with the output of
`/.well-known/openid-configuration`, which also uses the value of
`appURL`.
This change is required for Tailscale SSO to work, as it uses the OpenID
Issuer URL when querying the Tailscale user email during signup/login
([docs](https://tailscale.com/kb/1240/sso-custom-oidc/#webfinger-setup)).
-rw-r--r-- | routers/web/webfinger.go | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/routers/web/webfinger.go b/routers/web/webfinger.go index 0966b04951..faa35b8d2f 100644 --- a/routers/web/webfinger.go +++ b/routers/web/webfinger.go @@ -106,6 +106,10 @@ func WebfingerQuery(ctx *context.Context) { Type: "application/activity+json", Href: appURL.String() + "api/v1/activitypub/user-id/" + fmt.Sprint(u.ID), }, + { + Rel: "http://openid.net/specs/connect/1.0/issuer", + Href: appURL.String(), + }, } ctx.Resp.Header().Add("Access-Control-Allow-Origin", "*") |
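Review bot: The new `Href: appURL.String(),` entry will carry a trailing slash, because the neighbouring ActivityPub link appends "api/v1/activitypub/user-id/" to the same value with no separator. OpenID Connect discovery clients compare the issuer string exactly against the `issuer` value served by `/.well-known/openid-configuration`, so please confirm that endpoint emits the identical string, trailing slash included, and normalise the value here if it does not. A test asserting that the WebFinger issuer link and the openid-configuration issuer are equal would keep the two from drifting apart. A one-line comment on the entry saying it is the OIDC issuer link used for discovery would also help later readers.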