GetAuthorizationServerMetadata returns an http.HandlerFunc that handles GET /.well-known/oauth-authorization-server
(accessURL *url.URL)
| 11 | |
| 12 | // GetAuthorizationServerMetadata returns an http.HandlerFunc that handles GET /.well-known/oauth-authorization-server |
| 13 | func GetAuthorizationServerMetadata(accessURL *url.URL) http.HandlerFunc { |
| 14 | return func(rw http.ResponseWriter, r *http.Request) { |
| 15 | ctx := r.Context() |
| 16 | metadata := codersdk.OAuth2AuthorizationServerMetadata{ |
| 17 | Issuer: accessURL.String(), |
| 18 | AuthorizationEndpoint: accessURL.JoinPath("/oauth2/authorize").String(), |
| 19 | TokenEndpoint: accessURL.JoinPath("/oauth2/tokens").String(), |
| 20 | RegistrationEndpoint: accessURL.JoinPath("/oauth2/register").String(), // RFC 7591 |
| 21 | RevocationEndpoint: accessURL.JoinPath("/oauth2/revoke").String(), // RFC 7009 |
| 22 | ResponseTypesSupported: []codersdk.OAuth2ProviderResponseType{codersdk.OAuth2ProviderResponseTypeCode}, |
| 23 | GrantTypesSupported: []codersdk.OAuth2ProviderGrantType{codersdk.OAuth2ProviderGrantTypeAuthorizationCode, codersdk.OAuth2ProviderGrantTypeRefreshToken}, |
| 24 | CodeChallengeMethodsSupported: []codersdk.OAuth2PKCECodeChallengeMethod{codersdk.OAuth2PKCECodeChallengeMethodS256}, |
| 25 | ScopesSupported: rbac.ExternalScopeNames(), |
| 26 | TokenEndpointAuthMethodsSupported: []codersdk.OAuth2TokenEndpointAuthMethod{codersdk.OAuth2TokenEndpointAuthMethodClientSecretBasic, codersdk.OAuth2TokenEndpointAuthMethodClientSecretPost}, |
| 27 | } |
| 28 | httpapi.Write(ctx, rw, http.StatusOK, metadata) |
| 29 | } |
| 30 | } |
| 31 | |
| 32 | // GetProtectedResourceMetadata returns an http.HandlerFunc that handles GET /.well-known/oauth-protected-resource |
| 33 | func GetProtectedResourceMetadata(accessURL *url.URL) http.HandlerFunc { |
no test coverage detected