configuration.rs
use rocket::serde::json::Json;
use rocket::State;
use serde::{Deserialize, Serialize};

use crate::api::common::headers::{AccessControlAllowOrigin, AccessControlAllowOriginVariant};
use crate::{models::oauth_scope::OauthScope, util::config::Config};

/// OpenID Connect Discovery metadata served at `/.well-known/openid-configuration`.
///
/// Serialised as JSON by [`get_openid_configuration`]. Every URL is derived from
/// `Config::backend_address`; every list is a constant chosen in that handler, so the
/// document only advertises what the handler explicitly lists.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct OpenIdConfiguration {
    /// Issuer identifier. Relying parties compare this with the `iss` claim of tokens
    /// this server signs, so the two must agree. NOTE(review): confirm the token
    /// issuer derives `iss` from the same `backend_address` value.
    issuer: String,
    /// Authorization endpoint: `/api/oauth/authorize` under the backend address.
    authorization_endpoint: String,
    /// Token endpoint: `/api/oauth/token` under the backend address.
    token_endpoint: String,
    /// UserInfo endpoint: `/api/openid/userinfo` under the backend address.
    userinfo_endpoint: String,
    /// JWKS document relying parties fetch to verify ID-token signatures
    /// (`/api/openid/certs`).
    jwks_uri: String,
    /// Scope names the authorization endpoint accepts (rendered `OauthScope` values).
    scopes_supported: Vec<String>,
    /// OAuth `response_type` values supported.
    response_types_supported: Vec<String>,
    /// OAuth grant types supported.
    grant_types_supported: Vec<String>,
    /// Subject identifier types supported.
    subject_types_supported: Vec<String>,
    /// JWS algorithms used to sign ID tokens. Currently left empty by the handler.
    id_token_signing_alg_values_supported: Vec<String>,
    /// Claim names the server may return (in the ID token or from UserInfo).
    claims_supported: Vec<String>,
}

/// Response of [`get_openid_configuration`]: the JSON document plus a CORS header.
///
/// The discovery document is public metadata, so the handler attaches a wildcard
/// `Access-Control-Allow-Origin`; browser-based relying parties fetch it cross-origin.
#[derive(Responder, Debug)]
pub enum OpenIdConfigurationResponse {
    Success {
        inner: Json<OpenIdConfiguration>,
        access_control_allow_origin: AccessControlAllowOrigin,
    },
}

/// Builds the discovery document for this server.
///
/// Each absolute URL is `config.backend_address` with a fixed path appended.
/// NOTE(review): nothing here strips a trailing `/` from `backend_address`; a value
/// ending in `/` would produce `//api/...` endpoints — confirm the config format.
#[get("/.well-known/openid-configuration")]
pub async fn get_openid_configuration(config: &State<Config>) -> OpenIdConfigurationResponse {
    // TODO: Double check these values (especially where we might support more than is
    // currently listed).
    let base = &config.backend_address;
    let endpoint = |path: &str| format!("{}{}", base, path);

    // Scopes are advertised by their Display form so they match what the
    // authorization endpoint parses.
    let scopes: Vec<String> = [OauthScope::OpenId, OauthScope::Profile, OauthScope::Email]
        .iter()
        .map(|scope| scope.to_string())
        .collect();

    let claims = owned_strings(&[
        "iss",
        "sub",
        "aud",
        "exp",
        "iat",
        "email",
        "email_verified",
        "name",
        "given_name",
        "family_name",
    ]);

    let document = OpenIdConfiguration {
        issuer: base.clone(),
        authorization_endpoint: endpoint("/api/oauth/authorize"),
        token_endpoint: endpoint("/api/oauth/token"),
        userinfo_endpoint: endpoint("/api/openid/userinfo"),
        jwks_uri: endpoint("/api/openid/certs"),
        scopes_supported: scopes,
        response_types_supported: owned_strings(&["code"]),
        grant_types_supported: owned_strings(&["authorization_code"]),
        subject_types_supported: owned_strings(&["public"]),
        // TODO: Not implemented. OIDC Discovery requires this list (RS256 must be
        // included once ID-token signing exists); strict clients may reject an
        // empty list, so populate it when the signing algorithm is settled.
        id_token_signing_alg_values_supported: Vec::new(),
        claims_supported: claims,
    };

    OpenIdConfigurationResponse::Success {
        inner: Json(document),
        access_control_allow_origin: AccessControlAllowOriginVariant::Any.into(),
    }
}

/// Copies a list of string literals into owned `String`s for the serialised document.
fn owned_strings(items: &[&str]) -> Vec<String> {
    items.iter().map(|item| item.to_string()).collect()
}