* add well-known config for OIDC * spacing per feedback * Update oidc_wellknown.tmpl * add id_token * Update oidc_wellknown.tmpl Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>tags/v1.15.0-rc1
[templates/swagger/v1_json.tmpl] | [templates/swagger/v1_json.tmpl] | ||||
indent_style = space | indent_style = space | ||||
[templates/user/auth/oidc_wellknown.tmpl] | |||||
indent_style = space | |||||
[Makefile] | [Makefile] | ||||
indent_style = tab | indent_style = tab | ||||
// Routers. | // Routers. | ||||
// for health check | // for health check | ||||
m.Get("/", routers.Home) | m.Get("/", routers.Home) | ||||
m.Get("/.well-known/openid-configuration", user.OIDCWellKnown) | |||||
m.Group("/explore", func() { | m.Group("/explore", func() { | ||||
m.Get("", func(ctx *context.Context) { | m.Get("", func(ctx *context.Context) { | ||||
ctx.Redirect(setting.AppSubURL + "/explore/repos") | ctx.Redirect(setting.AppSubURL + "/explore/repos") |
ctx.Redirect(redirect.String(), 302) | ctx.Redirect(redirect.String(), 302) | ||||
} | } | ||||
// OIDCWellKnown generates JSON so OIDC clients know Gitea's capabilities | |||||
func OIDCWellKnown(ctx *context.Context) { | |||||
t := ctx.Render.TemplateLookup("user/auth/oidc_wellknown") | |||||
ctx.Resp.Header().Set("Content-Type", "application/json") | |||||
if err := t.Execute(ctx.Resp, ctx.Data); err != nil { | |||||
log.Error("%v", err) | |||||
ctx.Error(http.StatusInternalServerError) | |||||
} | |||||
} | |||||
// AccessTokenOAuth manages all access token requests by the client | // AccessTokenOAuth manages all access token requests by the client | ||||
func AccessTokenOAuth(ctx *context.Context) { | func AccessTokenOAuth(ctx *context.Context) { | ||||
form := *web.GetForm(ctx).(*forms.AccessTokenForm) | form := *web.GetForm(ctx).(*forms.AccessTokenForm) |
{ | |||||
"issuer": "{{AppUrl | JSEscape | Safe}}", | |||||
"authorization_endpoint": "{{AppUrl | JSEscape | Safe}}login/oauth/authorize", | |||||
"token_endpoint": "{{AppUrl | JSEscape | Safe}}login/oauth/access_token", | |||||
"response_types_supported": [ | |||||
"code", | |||||
"id_token" | |||||
] | |||||
} |