* add well-known config for OIDC * spacing per feedback * Update oidc_wellknown.tmpl * add id_token * Update oidc_wellknown.tmpl Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>tags/v1.15.0-rc1
@@ -18,6 +18,9 @@ insert_final_newline = false | |||
[templates/swagger/v1_json.tmpl] | |||
indent_style = space | |||
[templates/user/auth/oidc_wellknown.tmpl] | |||
indent_style = space | |||
[Makefile] | |||
indent_style = tab | |||
@@ -336,6 +336,7 @@ func RegisterRoutes(m *web.Route) { | |||
// Routers. | |||
// for health check | |||
m.Get("/", routers.Home) | |||
m.Get("/.well-known/openid-configuration", user.OIDCWellKnown) | |||
m.Group("/explore", func() { | |||
m.Get("", func(ctx *context.Context) { | |||
ctx.Redirect(setting.AppSubURL + "/explore/repos") |
@@ -389,6 +389,16 @@ func GrantApplicationOAuth(ctx *context.Context) { | |||
ctx.Redirect(redirect.String(), 302) | |||
} | |||
// OIDCWellKnown generates JSON so OIDC clients know Gitea's capabilities | |||
func OIDCWellKnown(ctx *context.Context) { | |||
t := ctx.Render.TemplateLookup("user/auth/oidc_wellknown") | |||
ctx.Resp.Header().Set("Content-Type", "application/json") | |||
if err := t.Execute(ctx.Resp, ctx.Data); err != nil { | |||
log.Error("%v", err) | |||
ctx.Error(http.StatusInternalServerError) | |||
} | |||
} | |||
// AccessTokenOAuth manages all access token requests by the client | |||
func AccessTokenOAuth(ctx *context.Context) { | |||
form := *web.GetForm(ctx).(*forms.AccessTokenForm) |
@@ -0,0 +1,9 @@ | |||
{ | |||
"issuer": "{{AppUrl | JSEscape | Safe}}", | |||
"authorization_endpoint": "{{AppUrl | JSEscape | Safe}}login/oauth/authorize", | |||
"token_endpoint": "{{AppUrl | JSEscape | Safe}}login/oauth/access_token", | |||
"response_types_supported": [ | |||
"code", | |||
"id_token" | |||
] | |||
} |