Add service_documentation, use non-standard registration URL

2024-05-02 16:03:10 +02:00 · 2024-05-02 16:03:10 +02:00 · a26efe835e
parent 93e62b1512
commit a26efe835e
3 changed files with 19 additions and 11 deletions
--- a/app/presenters/oauth_metadata_presenter.rb
+++ b/app/presenters/oauth_metadata_presenter.rb
@ -4,14 +4,19 @@ class OauthMetadataPresenter < ActiveModelSerializers::Model
  include RoutingHelper

  attributes :issuer, :authorization_endpoint, :token_endpoint,
-             :registration_endpoint, :revocation_endpoint, :scopes_supported,
+             :revocation_endpoint, :scopes_supported,
             :response_types_supported, :response_modes_supported,
-             :grant_types_supported, :token_endpoint_auth_methods_supported
+             :grant_types_supported, :token_endpoint_auth_methods_supported,
+             :service_documentation, :app_registration_endpoint

  def issuer
    root_url
  end

+  def service_documentation
+    'https://docs.joinmastodon.org/'
+  end
+
  def authorization_endpoint
    oauth_authorization_url
  end
@ -20,11 +25,11 @@ class OauthMetadataPresenter < ActiveModelSerializers::Model
    oauth_token_url
  end

-  # NOTE: the api_v1_apps route doesn't technically conform to the
-  # specification for OAuth 2.0 Dynamic Client Registration defined in
-  # https://datatracker.ietf.org/doc/html/rfc7591
-  # But for Mastodon, this is the API Endpoint that you would want for this property
-  def registration_endpoint
+  # As the api_v1_apps route doesn't technically conform to the specification
+  # for OAuth 2.0 Dynamic Client Registration defined in RFC 7591 we use a
+  # non-standard property for now to indicate the mastodon specific registration
+  # endpoint. See: https://datatracker.ietf.org/doc/html/rfc7591
+  def app_registration_endpoint
    api_v1_apps_url
  end

--- a/app/serializers/oauth_metadata_serializer.rb
+++ b/app/serializers/oauth_metadata_serializer.rb
@ -2,7 +2,8 @@

 class OauthMetadataSerializer < ActiveModel::Serializer
  attributes :issuer, :authorization_endpoint, :token_endpoint,
-             :registration_endpoint, :revocation_endpoint, :scopes_supported,
+             :revocation_endpoint, :scopes_supported,
             :response_types_supported, :response_modes_supported,
-             :grant_types_supported, :token_endpoint_auth_methods_supported
+             :grant_types_supported, :token_endpoint_auth_methods_supported,
+             :service_documentation, :app_registration_endpoint
 end
--- a/spec/requests/well_known/oauth_metadata_spec.rb
+++ b/spec/requests/well_known/oauth_metadata_spec.rb
@ -23,13 +23,15 @@ describe 'The /.well-known/oauth-authorization-server request' do

    expect(body_as_json).to include(
      issuer: root_url(protocol: protocol),
+      service_documentation: 'https://docs.joinmastodon.org/',
      authorization_endpoint: oauth_authorization_url(protocol: protocol),
      token_endpoint: oauth_token_url(protocol: protocol),
-      registration_endpoint: api_v1_apps_url(protocol: protocol),
      revocation_endpoint: oauth_revoke_url(protocol: protocol),
      scopes_supported: Doorkeeper.configuration.scopes.map(&:to_s),
      response_types_supported: Doorkeeper.configuration.authorization_response_types,
-      grant_types_supported: grant_types_supported
+      grant_types_supported: grant_types_supported,
+      # non-standard extension:
+      app_registration_endpoint: api_v1_apps_url(protocol: protocol)
    )
  end
 end