package wellknown
import (
"fmt"
"github.com/photoprism/photoprism/internal/acl"
"github.com/photoprism/photoprism/internal/config"
)
// The variables below hold the capability lists that this package advertises
// in the OAuth 2.0 authorization server metadata document. They are exported,
// mutable slices, so code outside this package should treat them as read-only.

// OAuthResponseTypes lists the values published as "response_types_supported".
// NOTE(review): "token" is the implicit-grant response type in OAuth 2.0, while
// the only grant type declared below is "client_credentials" — confirm that this
// is the value clients are meant to see.
var OAuthResponseTypes = []string{"token"}

// OAuthGrantTypes lists the values published as "grant_types_supported".
var OAuthGrantTypes = []string{"client_credentials"}

// OAuthTokenEndpointAuthMethods lists the client authentication methods
// published as "token_endpoint_auth_methods_supported".
var OAuthTokenEndpointAuthMethods = []string{"client_secret_basic", "client_secret_post"}

// OAuthRevocationEndpointAuthMethods lists the client authentication methods
// published as "revocation_endpoint_auth_methods_supported".
// NOTE(review): "none" tells clients that revocation requests carry no client
// authentication; verify that the revocation handler still only accepts
// requests from a party that holds the token being revoked.
var OAuthRevocationEndpointAuthMethods = []string{"none"}
// OAuthAuthorizationServer represents the values returned by the "/.well-known/oauth-authorization-server" endpoint.
//
// The JSON field names follow the OAuth 2.0 Authorization Server Metadata
// registry (RFC 8414), together with a few OpenID Connect discovery and DPoP
// names. The field order is the order in which encoding/json emits the keys.
//
// NOTE(review): none of the tags use "omitempty", so unset fields are
// serialized as "" or [] instead of being left out. RFC 8414 section 3.2 asks
// for claims with zero elements to be omitted; strict clients may read an empty
// endpoint string as a declared but unusable endpoint.
type OAuthAuthorizationServer struct {
	// Issuer identifier and the core endpoints.
	Issuer                string `json:"issuer"`
	AuthorizationEndpoint string `json:"authorization_endpoint"`
	TokenEndpoint         string `json:"token_endpoint"`
	RegistrationEndpoint  string `json:"registration_endpoint"`

	// Capability lists that clients use to choose a flow and an authentication method.
	ResponseTypesSupported            []string `json:"response_types_supported"`
	ResponseModesSupported            []string `json:"response_modes_supported"`
	GrantTypesSupported               []string `json:"grant_types_supported"`
	SubjectTypesSupported             []string `json:"subject_types_supported"`
	ScopesSupported                   []string `json:"scopes_supported"`
	TokenEndpointAuthMethodsSupported []string `json:"token_endpoint_auth_methods_supported"`
	ClaimsSupported                   []string `json:"claims_supported"`
	CodeChallengeMethodsSupported     []string `json:"code_challenge_methods_supported"`

	// Token introspection, token revocation and session termination.
	IntrospectionEndpoint                     string   `json:"introspection_endpoint"`
	IntrospectionEndpointAuthMethodsSupported []string `json:"introspection_endpoint_auth_methods_supported"`
	RevocationEndpoint                        string   `json:"revocation_endpoint"`
	RevocationEndpointAuthMethodsSupported    []string `json:"revocation_endpoint_auth_methods_supported"`
	EndSessionEndpoint                        string   `json:"end_session_endpoint"`

	// Request objects, device authorization and DPoP.
	RequestParameterSupported              bool     `json:"request_parameter_supported"`
	RequestObjectSigningAlgValuesSupported []string `json:"request_object_signing_alg_values_supported"`
	DeviceAuthorizationEndpoint            string   `json:"device_authorization_endpoint"`
	DpopSigningAlgValuesSupported          []string `json:"dpop_signing_alg_values_supported"`
}
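// NewOAuthAuthorizationServer creates a service discovery endpoint response based on the config provided.
//
// The issuer is the configured site URL, and the token and revocation
// endpoints are built by appending their API paths to that URL. Scopes come
// from acl.Resources.Resources(); the remaining capability lists come from the
// package-level OAuth* variables. Features that are not offered are returned
// as empty strings, empty slices or false.
//
// conf is dereferenced without a nil check, so callers must pass a usable
// config.
//
// NOTE(review): the endpoint paths are appended without a separator, which
// assumes conf.SiteUrl() ends in "/" — confirm. Clients treat this document as
// the source of truth for where to send client secrets, so the site URL should
// be the exact public origin (RFC 8414 expects an https issuer that matches the
// URL the metadata was fetched from).
func NewOAuthAuthorizationServer(conf *config.Config) *OAuthAuthorizationServer {
	// Read the site URL once so the issuer and both endpoints are guaranteed to
	// share the same base value.
	baseURL := conf.SiteUrl()

	// Hand out copies of the package-level lists: the response must not alias
	// exported mutable state, otherwise a caller editing one response would
	// change what every later client is told. The copy is never nil, so the
	// field still encodes as a JSON array.
	clone := func(values []string) []string {
		return append([]string{}, values...)
	}

	return &OAuthAuthorizationServer{
		Issuer:                                    baseURL,
		AuthorizationEndpoint:                     "",
		TokenEndpoint:                             fmt.Sprintf("%sapi/v1/oauth/token", baseURL),
		ScopesSupported:                           acl.Resources.Resources(),
		ResponseTypesSupported:                    clone(OAuthResponseTypes),
		GrantTypesSupported:                       clone(OAuthGrantTypes),
		TokenEndpointAuthMethodsSupported:         clone(OAuthTokenEndpointAuthMethods),
		ResponseModesSupported:                    []string{},
		SubjectTypesSupported:                     []string{},
		ClaimsSupported:                           []string{},
		CodeChallengeMethodsSupported:             []string{},
		IntrospectionEndpointAuthMethodsSupported: []string{},
		RevocationEndpoint:                        fmt.Sprintf("%sapi/v1/oauth/revoke", baseURL),
		RevocationEndpointAuthMethodsSupported:    clone(OAuthRevocationEndpointAuthMethods),
		EndSessionEndpoint:                        "",
		RequestParameterSupported:                 false,
		RequestObjectSigningAlgValuesSupported:    []string{},
		DeviceAuthorizationEndpoint:               "",
		DpopSigningAlgValuesSupported:             []string{},
	}
}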