authlib / example-oidc-server

Example for OpenID Connect 1.0 Server for Authlib.
https://authlib.org/

Add OIDC Discovery support #11

Open dwt opened 3 years ago

dwt commented 3 years ago

This makes it massively easier to integrate with existing oidc clients.

After getting the jwks_uri endpoint to work as described in #2, I added this handler to get auto-discovery to work:

from flask import jsonify, url_for

# `bp` is the example's Flask Blueprint and JWT_CONFIG its ID-token settings;
# both are assumed to come from the module this route is added to.
@bp.route("/.well-known/openid-configuration")
def well_known_openid_configuration():
    # Absolute URLs, so clients on other hosts can resolve the endpoints.
    def external_url(function_name):
        return url_for(function_name, _external=True)

    return jsonify({
        "authorization_endpoint": external_url('.authorize_endpoint'),
        "token_endpoint": external_url('.token_endpoint'),
        "userinfo_endpoint": external_url('.userinfo_endpoint'),
        "jwks_uri": external_url('.jwks_endpoint'),
        # Do I even need this one?
        # IMO the OIDC server doesn't have a concept of a user being still logged in? --mh
        # "end_session_endpoint": "http://oidc:4000/openid/end-session",
        "id_token_signing_alg_values_supported": [
            "HS256",
            "RS256"
        ],
        "issuer": JWT_CONFIG['iss'],
        "response_types_supported": [
            "code",
            # TODO check what it takes to support these too
            # "id_token",
            # "id_token token",
            # "code token",
            # "code id_token",
            # "code id_token token"
        ],
        "subject_types_supported": [
            "public"
        ],
        "token_endpoint_auth_methods_supported": [
            # TODO is supporting both a good idea? --mh
            "client_secret_post",
            "client_secret_basic"
        ],
    })

@lepture is there a way to add this to the example code? Or use this as a starting point to add it? (I'm not particularly sure this is even right).
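
A client-side sanity check for a document like the one above, added here as an illustration and not part of this issue or of Authlib: it applies the OpenID Connect Discovery 1.0 rules on required keys, https endpoints, RS256 being advertised, and the issuer matching the URL the document was fetched from. That last check is the one most likely to fire for this handler, because `issuer` comes from JWT_CONFIG['iss'] while every endpoint is built by url_for. The sample document and the https://issuer.example host are constructed.

```python
from urllib.parse import urlsplit

# Keys OpenID Connect Discovery 1.0 (section 3) marks REQUIRED in provider metadata.
REQUIRED_KEYS = ("issuer", "authorization_endpoint", "jwks_uri", "response_types_supported",
                 "subject_types_supported", "id_token_signing_alg_values_supported")
ENDPOINT_KEYS = ("authorization_endpoint", "token_endpoint", "userinfo_endpoint", "jwks_uri")


def validate_discovery(doc, expected_issuer):
    """Return the problems found in provider metadata `doc` (empty list if it is clean).

    expected_issuer is the issuer URL the client used to build the
    /.well-known/openid-configuration request; Discovery section 4.3 requires the
    document's "issuer" to be identical to it, so metadata served by one host
    cannot be mistaken for another issuer's.
    """
    problems = [f"missing required key: {k}" for k in REQUIRED_KEYS if k not in doc]
    issuer = doc.get("issuer")
    if issuer is not None:
        if issuer != expected_issuer:
            problems.append(f"issuer {issuer!r} does not match {expected_issuer!r}")
        parts = urlsplit(issuer)
        if parts.scheme != "https" or parts.query or parts.fragment:
            problems.append("issuer must be an https URL without query or fragment")
    for key in ENDPOINT_KEYS:
        url = doc.get(key)
        if url is not None and urlsplit(url).scheme != "https":
            problems.append(f"{key} is not served over https: {url}")
    # token_endpoint is REQUIRED unless only the implicit flow is supported.
    response_types = doc.get("response_types_supported", [])
    if "token_endpoint" not in doc and any("code" in rt.split() for rt in response_types):
        problems.append("token_endpoint is required for a code response type")
    # RS256 MUST be among the advertised ID-token signing algorithms.
    if "RS256" not in doc.get("id_token_signing_alg_values_supported", []):
        problems.append("id_token_signing_alg_values_supported must include RS256")
    return problems


# Constructed sample mirroring the handler in the issue, as if served from https://issuer.example.
SAMPLE_DOC = {
    "issuer": "https://issuer.example",
    "authorization_endpoint": "https://issuer.example/oauth/authorize",
    "token_endpoint": "https://issuer.example/oauth/token",
    "userinfo_endpoint": "https://issuer.example/oauth/userinfo",
    "jwks_uri": "https://issuer.example/oauth/jwks",
    "id_token_signing_alg_values_supported": ["HS256", "RS256"],
    "response_types_supported": ["code"],
    "subject_types_supported": ["public"],
}
```

Run `validate_discovery(SAMPLE_DOC, "https://issuer.example/")` to see the trailing-slash issuer mismatch reported; a client must compare the values byte for byte, not after normalisation.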

dwt commented 3 years ago

@lepture ping?

dwt commented 2 years ago

@lepture Hey, how about some feedback?