From e80c791f923df639d004e0059492eb31c3d8b93d Mon Sep 17 00:00:00 2001
From: Sonia Zorba <sonia.zorba@inaf.it>
Date: Wed, 5 May 2021 17:08:01 +0200
Subject: [PATCH] Added .well-known/openid-configuration endpoint

---
 classes/OIDCDiscoveryGenerator.php | 34 ++++++++++++++++++++++++++++++
 include/front-controller.php       |  6 ++++++
 2 files changed, 40 insertions(+)
 create mode 100644 classes/OIDCDiscoveryGenerator.php

diff --git a/classes/OIDCDiscoveryGenerator.php b/classes/OIDCDiscoveryGenerator.php
new file mode 100644
index 0000000..1eac459
--- /dev/null
+++ b/classes/OIDCDiscoveryGenerator.php
@@ -0,0 +1,34 @@
+<?php
+
+namespace RAP;
+
+class OIDCDiscoveryGenerator {
+
+    private $locator;
+
+    public function __construct(Locator $locator) {
+        $this->locator = $locator;
+    }
+
+    public function getConfiguration() {
+
+        $config = $this->locator->config;
+
+        $discoveryConfig = [];
+
+        $host = filter_input(INPUT_SERVER, 'HTTP_HOST', FILTER_SANITIZE_STRING);
+        $baseUrl = 'https://' . $host . $config->contextRoot;
+
+        $discoveryConfig['issuer'] = $baseUrl;
+        $discoveryConfig['authorization_endpoint'] = $baseUrl . '/auth/oauth2/authorize';
+        $discoveryConfig['token_endpoint'] = $baseUrl . '/auth/oauth2/token';
+        $discoveryConfig['jwks_uri'] = $baseUrl . '/auth/oidc/jwks';
+        $discoveryConfig['scopes_supported'] = ['openid', 'email', 'profile'];
+        $discoveryConfig['grant_types_supported'] = ['authorization_code', 'client_credentials', 'refresh_token', 'urn:ietf:params:oauth:grant-type:token-exchange'];
+        $discoveryConfig['id_token_signing_alg_values_supported'] = ['RS256'];
+        $discoveryConfig['claims_supported'] = ['sub', 'iss', 'iat', 'exp', 'name', 'aud', 'email', 'given_name', 'family_name', 'org'];
+
+        return $discoveryConfig;
+    }
+
+}
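Review bot: The issuer and every endpoint URL in the document are built from `HTTP_HOST` (lines 36-37), which is the client-supplied Host header, so unless the web server pins this application to a fixed virtual host, anyone who can influence that header (for example through a shared cache in front of the app) can obtain a discovery document whose `token_endpoint` and `jwks_uri` point at a host they control; `FILTER_SANITIZE_STRING` only strips tags, does not validate a hostname, and is deprecated since PHP 8.1. The issuer should be a configured value rather than derived from the request — read it from a config key and derive `$baseUrl` from that, or at minimum compare `$host` against an allowlist taken from config and fail the request when it does not match. Separately, OpenID Connect Discovery 1.0 marks `response_types_supported` and `subject_types_supported` as REQUIRED and both are missing; given the advertised `authorization_code` grant, add `$discoveryConfig['response_types_supported'] = ['code'];` and `$discoveryConfig['subject_types_supported'] = ['public'];` (confirm the subject type matches how `sub` is actually issued). Most clients also expect a `userinfo_endpoint` when the `profile` and `email` scopes are advertised, if this server exposes one.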
diff --git a/include/front-controller.php b/include/front-controller.php
index ed05c7d..7d7180f 100644
--- a/include/front-controller.php
+++ b/include/front-controller.php
@@ -70,6 +70,12 @@ function renderMainPage(RAP\AuthPageModel $authPageModel) {
         'model' => $authPageModel));
 }
 
+Flight::route('GET /.well-known/openid-configuration', function() {
+    global $locator;
+    $discoveryGen = new RAP\OIDCDiscoveryGenerator($locator);
+    Flight::json($discoveryGen->getConfiguration());
+});
+
 Flight::route('GET /auth/oauth2/authorize', function() {
 
     session_start();
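Review bot: The route is registered at `/.well-known/openid-configuration` relative to Flight's base path, while `OIDCDiscoveryGenerator` reports the issuer as `https://<host><contextRoot>`; discovery clients resolve `{issuer}/.well-known/openid-configuration` and check that the returned `issuer` equals the URL prefix they used, so if `contextRoot` is non-empty and Flight is not configured with that same base the document would be served at a URL that does not match its own issuer — worth confirming with a request against a deployment that uses a non-root context. The handler reaches the service locator through `global $locator`; if the neighbouring routes in this file do the same this is at least consistent, otherwise resolving it explicitly (for example via `Flight::get`) keeps the handler free of global state. The enclosing route table continues outside the hunk.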
-- 
GitLab