Add /.well-known/openid-configuration route.

2025-07-02 19:40:19 +08:00 · 2021-09-25 14:54:13 +08:00
parent 80d2738863
commit a1b5282da9
7 changed files with 112 additions and 2 deletions
--- a/authz/authz.go
+++ b/authz/authz.go
@ -93,6 +93,7 @@ p, *, *, POST, /api/send-verification-code, *, *
 p, *, *, GET, /api/get-human-check, *, *
 p, *, *, POST, /api/reset-email-or-phone, *, *
 p, *, *, POST, /api/upload-resource, *, *
+p, *, *, GET, /.well-known/openid-configuration, *, *
 `

 		sa := stringadapter.NewAdapter(ruleText)
--- a/controllers/oidc_discovery.go
+++ b/controllers/oidc_discovery.go
@ -0,0 +1,22 @@
+// Copyright 2021 The casbin Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package controllers
+
+import "github.com/casbin/casdoor/object"
+
+func (c *ApiController) GetOidcDiscovery() {
+	c.Data["json"] = object.GetOidcDiscovery()
+	c.ServeJSON()
+}
--- a/object/oidc_discovery.go
+++ b/object/oidc_discovery.go
@ -0,0 +1,53 @@
+// Copyright 2021 The casbin Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package object
+
+type OidcDiscovery struct {
+	Issuer                                 string   `json:"issuer"`
+	AuthorizationEndpoint                  string   `json:"authorization_endpoint"`
+	JwksUri                                string   `json:"jwks_uri"`
+	ResponseTypesSupported                 []string `json:"response_types_supported"`
+	ResponseModesSupported                 []string `json:"response_modes_supported"`
+	GrantTypesSupported                    []string `json:"grant_types_supported"`
+	SubjectTypesSupported                  []string `json:"subject_types_supported"`
+	IdTokenSigningAlgValuesSupported       []string `json:"id_token_signing_alg_values_supported"`
+	ScopesSupported                        []string `json:"scopes_supported"`
+	ClaimsSupported                        []string `json:"claims_supported"`
+	RequestParameterSupported              bool     `json:"request_parameter_supported"`
+	RequestObjectSigningAlgValuesSupported []string `json:"request_object_signing_alg_values_supported"`
+}
+
+var oidcDiscovery OidcDiscovery
+
+func init() {
+	oidcDiscovery = OidcDiscovery{
+		Issuer:                                 "",
+		AuthorizationEndpoint:                  "",
+		JwksUri:                                "",
+		ResponseTypesSupported:                 nil,
+		ResponseModesSupported:                 nil,
+		GrantTypesSupported:                    nil,
+		SubjectTypesSupported:                  nil,
+		IdTokenSigningAlgValuesSupported:       nil,
+		ScopesSupported:                        nil,
+		ClaimsSupported:                        nil,
+		RequestParameterSupported:              false,
+		RequestObjectSigningAlgValuesSupported: nil,
+	}
+}
+
+func GetOidcDiscovery() OidcDiscovery {
+	return oidcDiscovery
+}
--- a/routers/router.go
+++ b/routers/router.go
@ -108,4 +108,6 @@ func initAPI() {

 	beego.Router("/api/send-email", &controllers.ApiController{}, "POST:SendEmail")
 	beego.Router("/api/send-sms", &controllers.ApiController{}, "POST:SendSms")
+
+	beego.Router("/.well-known/openid-configuration", &controllers.ApiController{}, "GET:GetOidcDiscovery")
 }
--- a/routers/static_filter.go
+++ b/routers/static_filter.go
@ -24,7 +24,7 @@ import (

 func StaticFilter(ctx *context.Context) {
 	urlPath := ctx.Request.URL.Path
-	if strings.HasPrefix(urlPath, "/api/") {
+	if strings.HasPrefix(urlPath, "/api/") || strings.HasPrefix(urlPath, "/.well-known/") {
 		return
 	}

--- a/web/src/App.js
+++ b/web/src/App.js
@ -50,6 +50,7 @@ import AuthCallback from "./auth/AuthCallback";
 import SelectLanguageBox from './SelectLanguageBox';
 import i18next from 'i18next';
 import PromptPage from "./auth/PromptPage";
+import OdicDiscoveryPage from "./auth/OidcDiscoveryPage";

 const { Header, Footer } = Layout;

@ -355,7 +356,7 @@ class App extends Component {
      );
      res.push(
        <Menu.Item key="/swagger">
-          <a target="_blank" rel="noreferrer" href={Setting.isLocalhost ? `${Setting.ServerUrl}/swagger` : "/swagger"}>
+          <a target="_blank" rel="noreferrer" href={Setting.isLocalhost() ? `${Setting.ServerUrl}/swagger` : "/swagger"}>
            {i18next.t("general:Swagger")}
          </a>
        </Menu.Item>
@ -414,6 +415,7 @@ class App extends Component {
          <Route exact path="/tokens" render={(props) => this.renderLoginIfNotLoggedIn(<TokenListPage account={this.state.account} {...props} />)}/>
          <Route exact path="/tokens/:tokenName" render={(props) => this.renderLoginIfNotLoggedIn(<TokenEditPage account={this.state.account} {...props} />)}/>
          <Route exact path="/records" render={(props) => this.renderLoginIfNotLoggedIn(<RecordListPage account={this.state.account} {...props} />)}/>
+          <Route exact path="/.well-known/openid-configuration" render={(props) => <OdicDiscoveryPage />}/>
          <Route path="" render={() => <Result status="404" title="404 NOT FOUND" subTitle={i18next.t("general:Sorry, the page you visited does not exist.")}
                                               extra={<a href="/"><Button type="primary">{i18next.t("general:Back Home")}</Button></a>} />} />
      </Switch>
--- a/web/src/auth/OidcDiscoveryPage.js
+++ b/web/src/auth/OidcDiscoveryPage.js
@ -0,0 +1,30 @@
+// Copyright 2021 The casbin Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+import React from 'react';
+import * as Setting from "../Setting";
+
+class OdicDiscoveryPage extends React.Component {
+  componentWillMount() {
+    if (Setting.isLocalhost()) {
+      Setting.goToLink(`${Setting.ServerUrl}/.well-known/openid-configuration`);
+    }
+  }
+
+  render() {
+    return null;
+  }
+}
+
+export default OdicDiscoveryPage;