mirror of https://github.com/go-gitea/gitea.git
add well-known config for OIDC (#15355)
* add well-known config for OIDC * spacing per feedback * Update oidc_wellknown.tmpl * add id_token * Update oidc_wellknown.tmpl Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
This commit is contained in:
parent
6a7090b41d
commit
024ef3940f
|
@ -18,6 +18,9 @@ insert_final_newline = false
|
||||||
[templates/swagger/v1_json.tmpl]
|
[templates/swagger/v1_json.tmpl]
|
||||||
indent_style = space
|
indent_style = space
|
||||||
|
|
||||||
|
[templates/user/auth/oidc_wellknown.tmpl]
|
||||||
|
indent_style = space
|
||||||
|
|
||||||
[Makefile]
|
[Makefile]
|
||||||
indent_style = tab
|
indent_style = tab
|
||||||
|
|
||||||
|
|
|
@ -336,6 +336,7 @@ func RegisterRoutes(m *web.Route) {
|
||||||
// Routers.
|
// Routers.
|
||||||
// for health check
|
// for health check
|
||||||
m.Get("/", routers.Home)
|
m.Get("/", routers.Home)
|
||||||
|
m.Get("/.well-known/openid-configuration", user.OIDCWellKnown)
|
||||||
m.Group("/explore", func() {
|
m.Group("/explore", func() {
|
||||||
m.Get("", func(ctx *context.Context) {
|
m.Get("", func(ctx *context.Context) {
|
||||||
ctx.Redirect(setting.AppSubURL + "/explore/repos")
|
ctx.Redirect(setting.AppSubURL + "/explore/repos")
|
||||||
|
|
|
@ -389,6 +389,16 @@ func GrantApplicationOAuth(ctx *context.Context) {
|
||||||
ctx.Redirect(redirect.String(), 302)
|
ctx.Redirect(redirect.String(), 302)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// OIDCWellKnown generates JSON so OIDC clients know Gitea's capabilities
|
||||||
|
func OIDCWellKnown(ctx *context.Context) {
|
||||||
|
t := ctx.Render.TemplateLookup("user/auth/oidc_wellknown")
|
||||||
|
ctx.Resp.Header().Set("Content-Type", "application/json")
|
||||||
|
if err := t.Execute(ctx.Resp, ctx.Data); err != nil {
|
||||||
|
log.Error("%v", err)
|
||||||
|
ctx.Error(http.StatusInternalServerError)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// AccessTokenOAuth manages all access token requests by the client
|
// AccessTokenOAuth manages all access token requests by the client
|
||||||
func AccessTokenOAuth(ctx *context.Context) {
|
func AccessTokenOAuth(ctx *context.Context) {
|
||||||
form := *web.GetForm(ctx).(*forms.AccessTokenForm)
|
form := *web.GetForm(ctx).(*forms.AccessTokenForm)
|
||||||
|
|
|
@ -0,0 +1,9 @@
|
||||||
|
{
|
||||||
|
"issuer": "{{AppUrl | JSEscape | Safe}}",
|
||||||
|
"authorization_endpoint": "{{AppUrl | JSEscape | Safe}}login/oauth/authorize",
|
||||||
|
"token_endpoint": "{{AppUrl | JSEscape | Safe}}login/oauth/access_token",
|
||||||
|
"response_types_supported": [
|
||||||
|
"code",
|
||||||
|
"id_token"
|
||||||
|
]
|
||||||
|
}
|
Loading…
Reference in New Issue