diff options
| -rw-r--r-- | .editorconfig | 3 | ||||
| -rw-r--r-- | routers/routes/web.go | 1 | ||||
| -rw-r--r-- | routers/user/oauth.go | 10 | ||||
| -rw-r--r-- | templates/user/auth/oidc_wellknown.tmpl | 9 |
4 files changed, 23 insertions, 0 deletions
diff --git a/.editorconfig b/.editorconfig index b7ff926c34..0f8603e5a2 100644 --- a/.editorconfig +++ b/.editorconfig @@ -18,6 +18,9 @@ insert_final_newline = false [templates/swagger/v1_json.tmpl] indent_style = space +[templates/user/auth/oidc_wellknown.tmpl] +indent_style = space + [Makefile] indent_style = tab diff --git a/routers/routes/web.go b/routers/routes/web.go index 4815680c99..a8d64b4c44 100644 --- a/routers/routes/web.go +++ b/routers/routes/web.go @@ -336,6 +336,7 @@ func RegisterRoutes(m *web.Route) { // Routers. // for health check m.Get("/", routers.Home) + m.Get("/.well-known/openid-configuration", user.OIDCWellKnown) m.Group("/explore", func() { m.Get("", func(ctx *context.Context) { ctx.Redirect(setting.AppSubURL + "/explore/repos") diff --git a/routers/user/oauth.go b/routers/user/oauth.go index c8c846c687..ae06efd0c0 100644 --- a/routers/user/oauth.go +++ b/routers/user/oauth.go @@ -389,6 +389,16 @@ func GrantApplicationOAuth(ctx *context.Context) { ctx.Redirect(redirect.String(), 302) } +// OIDCWellKnown generates JSON so OIDC clients know Gitea's capabilities +func OIDCWellKnown(ctx *context.Context) { + t := ctx.Render.TemplateLookup("user/auth/oidc_wellknown") + ctx.Resp.Header().Set("Content-Type", "application/json") + if err := t.Execute(ctx.Resp, ctx.Data); err != nil { + log.Error("%v", err) + ctx.Error(http.StatusInternalServerError) + } +} + // AccessTokenOAuth manages all access token requests by the client func AccessTokenOAuth(ctx *context.Context) { form := *web.GetForm(ctx).(*forms.AccessTokenForm) diff --git a/templates/user/auth/oidc_wellknown.tmpl b/templates/user/auth/oidc_wellknown.tmpl new file mode 100644 index 0000000000..290ed4a71d --- /dev/null +++ b/templates/user/auth/oidc_wellknown.tmpl @@ -0,0 +1,9 @@ +{ + "issuer": "{{AppUrl | JSEscape | Safe}}", + "authorization_endpoint": "{{AppUrl | JSEscape | Safe}}login/oauth/authorize", + "token_endpoint": "{{AppUrl | JSEscape | Safe}}login/oauth/access_token", + "response_types_supported": [ + "code", + "id_token" + ] +} |