--- a/mod_http_oauth2/mod_http_oauth2.lua Thu Mar 02 23:59:09 2023 +0100
+++ b/mod_http_oauth2/mod_http_oauth2.lua Fri Mar 03 11:24:05 2023 +0000
@@ -369,3 +369,26 @@
event.response.status_code = event.error.code or 400;
return json.encode(oauth2_response);
end, 5);
+
+-- OIDC Discovery
+
+module:provides("http", {
+ name = "oauth2-discovery";
+ default_path = "/.well-known/oauth-authorization-server";
+ route = {
+ ["GET"] = {
+ headers = { content_type = "application/json" };
+ body = json.encode {
+ issuer = module:http_url(nil, "/");
+ authorization_endpoint = module:http_url() .. "/authorize";
+ token_endpoint = module:http_url() .. "/token";
+ jwks_uri = nil; -- TODO?
+ registration_endpoint = nil; -- TODO
+ scopes_supported = { "prosody:restricted"; "prosody:user"; "prosody:admin"; "prosody:operator" };
+ response_types_supported = { "code"; "token" };
+ };
+ };
+ };
+});
+
+module:shared("tokenauth/oauthbearer_config").oidc_discovery_url = module:http_url("oauth2-discovery", "/.well-known/oauth-authorization-server");
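Review bot: The `issuer` value in `issuer = module:http_url(nil, "/");` is built with different `http_url` arguments than the discovery URL published on the last line and the two endpoints below it, so nothing in this hunk guarantees that the issuer matches the prefix clients fetched the document from. RFC 8414 section 3.3 requires clients to discard metadata whose `issuer` is not identical to the one used to form the well-known URL, so a configured path override or a trailing-slash difference would presumably break discovery for conforming clients. I would compute the base URL once and document the constraint above it, e.g. `-- issuer MUST equal the URL prefix of the .well-known document (RFC 8414 3.3); keep in sync with oidc_discovery_url`. Separately, `response_types_supported` and `scopes_supported` are hard-coded and `token` (the implicit grant) is advertised unconditionally; if the handlers outside this hunk can restrict either, the document should be derived from the same settings so it never advertises more than the server accepts.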