mirror of https://github.com/mastodon/mastodon
First pass at implementing RFC 8414 for OAuth 2.0 server metadata
This commit is contained in:
parent
476a043fc5
commit
abf97aac0f
|
@ -0,0 +1,16 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
module WellKnown
|
||||
class OauthMetadataController < ActionController::Base # rubocop:disable Rails/ApplicationController
|
||||
include CacheConcern
|
||||
|
||||
# Prevent `active_model_serializer`'s `ActionController::Serialization` from calling `current_user`
|
||||
# and thus re-issuing session cookies
|
||||
serialization_scope nil
|
||||
|
||||
def show
|
||||
expires_in 3.days, public: true
|
||||
render_with_cache json: ::OauthMetadataPresenter.new, serializer: ::OauthMetadataSerializer, content_type: 'application/json'
|
||||
end
|
||||
end
|
||||
end
|
|
@ -0,0 +1,62 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
class OauthMetadataPresenter < ActiveModelSerializers::Model
|
||||
include RoutingHelper
|
||||
|
||||
attributes :issuer, :authorization_endpoint, :token_endpoint,
|
||||
:registration_endpoint, :revocation_endpoint, :scopes_supported,
|
||||
:response_types_supported, :response_modes_supported,
|
||||
:grant_types_supported, :token_endpoint_auth_methods_supported
|
||||
|
||||
def issuer
|
||||
"http#{Rails.configuration.x.use_https ? 's' : ''}://#{Rails.configuration.x.web_domain}/"
|
||||
end
|
||||
|
||||
def authorization_endpoint
|
||||
oauth_authorization_url
|
||||
end
|
||||
|
||||
def token_endpoint
|
||||
oauth_token_url
|
||||
end
|
||||
|
||||
# NOTE: the api_v1_apps route doesn't technically conform to the
|
||||
# specification for OAuth 2.0 Dynamic Client Registration defined in
|
||||
# https://datatracker.ietf.org/doc/html/rfc7591
|
||||
# But for Mastodon, this is the API Endpoint that you would want for this property
|
||||
def registration_endpoint
|
||||
api_v1_apps_url
|
||||
end
|
||||
|
||||
def revocation_endpoint
|
||||
oauth_revoke_url
|
||||
end
|
||||
|
||||
def scopes_supported
|
||||
doorkeeper.scopes
|
||||
end
|
||||
|
||||
def response_types_supported
|
||||
doorkeeper.authorization_response_types
|
||||
end
|
||||
|
||||
def response_modes_supported
|
||||
doorkeeper.authorization_response_flows.flat_map(&:response_mode_matches).uniq
|
||||
end
|
||||
|
||||
def grant_types_supported
|
||||
grant_types_supported = doorkeeper.grant_flows.dup
|
||||
grant_types_supported << 'refresh_token' if doorkeeper.refresh_token_enabled?
|
||||
grant_types_supported
|
||||
end
|
||||
|
||||
def token_endpoint_auth_methods_supported
|
||||
%w(client_secret_basic client_secret_post)
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def doorkeeper
|
||||
@doorkeeper ||= Doorkeeper.configuration
|
||||
end
|
||||
end
|
|
@ -0,0 +1,8 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
class OauthMetadataSerializer < ActiveModel::Serializer
|
||||
attributes :issuer, :authorization_endpoint, :token_endpoint,
|
||||
:registration_endpoint, :revocation_endpoint, :scopes_supported,
|
||||
:response_types_supported, :response_modes_supported,
|
||||
:grant_types_supported, :token_endpoint_auth_methods_supported
|
||||
end
|
|
@ -62,6 +62,7 @@ Rails.application.routes.draw do
|
|||
tokens: 'oauth/tokens'
|
||||
end
|
||||
|
||||
get '.well-known/oauth-authorization-server', to: 'well_known/oauth_metadata#show', as: :oauth_metadata, defaults: { format: 'json' }
|
||||
get '.well-known/host-meta', to: 'well_known/host_meta#show', as: :host_meta, defaults: { format: 'xml' }
|
||||
get '.well-known/nodeinfo', to: 'well_known/node_info#index', as: :nodeinfo, defaults: { format: 'json' }
|
||||
get '.well-known/webfinger', to: 'well_known/webfinger#show', as: :webfinger
|
||||
|
|
Loading…
Reference in New Issue