Class: Himari::Services::OidcProviderMetadataEndpoint::Handler

Inherits:

Object

• Object
• Himari::Services::OidcProviderMetadataEndpoint::Handler

Defined in:

lib/himari/services/oidc_provider_metadata_endpoint.rb

Defined Under Namespace

Classes: InvalidToken

Instance Method Summary

• #initialize(signing_key_provider:, issuer:, env:, registration_endpoint: nil, client_id_metadata_document_supported: false, scopes_supported: [], claims_supported: []) ⇒ Handler constructor

  A new instance of Handler.

• #metadata ⇒ Object
• #response ⇒ Object

Constructor Details

#initialize(signing_key_provider:, issuer:, env:, registration_endpoint: nil, client_id_metadata_document_supported: false, scopes_supported: [], claims_supported: []) ⇒ Handler

Returns a new instance of Handler.

# File 'lib/himari/services/oidc_provider_metadata_endpoint.rb', line 35

def initialize(signing_key_provider:, issuer:, env:, registration_endpoint: nil, client_id_metadata_document_supported: false, scopes_supported: [], claims_supported: [])
  @signing_key_provider = signing_key_provider
  @issuer = issuer
  @registration_endpoint = registration_endpoint
  @client_id_metadata_document_supported = client_id_metadata_document_supported
  @scopes_supported = scopes_supported
  @claims_supported = claims_supported
  @env = env
end

Instance Method Details

#metadata ⇒ Object

# File 'lib/himari/services/oidc_provider_metadata_endpoint.rb', line 45

def metadata
  signing_keys = @signing_key_provider.collect
  {
    issuer: @issuer,
    authorization_endpoint: "#{@issuer}/oidc/authorize",
    token_endpoint: "#{@issuer}/public/oidc/token",
    userinfo_endpoint: "#{@issuer}/public/oidc/userinfo",
    jwks_uri: "#{@issuer}/public/jwks",
    registration_endpoint: @registration_endpoint,
    client_id_metadata_document_supported: @client_id_metadata_document_supported ? true : nil,
    scopes_supported: (DEFAULT_SCOPES_SUPPORTED + @scopes_supported).uniq,
    response_types_supported: ['code'], # violation: dynamic OpenID Provider MUST support code, id_token, token+id_token
    grant_types_supported: %w(authorization_code refresh_token),
    token_endpoint_auth_methods_supported: %w(client_secret_basic client_secret_post none),
    code_challenge_methods_supported: %w(S256 plain),
    subject_types_supported: ['public'],
    id_token_signing_alg_values_supported: signing_keys.map(&:alg).uniq.sort,
    claims_supported: (DEFAULT_CLAIMS_SUPPORTED + @claims_supported).uniq,
  }.compact
end

#response ⇒ Object

# File 'lib/himari/services/oidc_provider_metadata_endpoint.rb', line 66

def response
  # https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata
  return [404, {'Content-Type' => 'application/json'}, ['{"error": "not_found"}']] unless @env['REQUEST_METHOD'] == 'GET'

  [
    200,
    {'Content-Type' => 'application/json; charset=utf-8'},
    [JSON.pretty_generate(metadata), "\n"],
  ]
end