From 2c7afae582f34065fdbd6c6c3636384ac1abe051 Mon Sep 17 00:00:00 2001
From: Juan Manuel Lallana
Date: Fri, 13 Mar 2020 12:05:51 -0300
Subject: [PATCH 1/2] Simple but effective oauth discovery and userinfo endpoint
Signed-off-by: Juan Manuel Lallana
---
 apps/oauth2/appinfo/routes.php | 10 +++++
 .../lib/Controller/OauthApiController.php | 43 ++++++++++++++++++-
 2 files changed, 52 insertions(+), 1 deletion(-)
diff --git a/apps/oauth2/appinfo/routes.php b/apps/oauth2/appinfo/routes.php
index 55b3c5bc7f..96817bb6a3 100644
--- a/apps/oauth2/appinfo/routes.php
+++ b/apps/oauth2/appinfo/routes.php
@@ -44,5 +44,15 @@ return [
 'url' => '/api/v1/token',
 'verb' => 'POST'
 ],
+ [
+ 'name' => 'OauthApi#discovery',
+ 'url' => '/.well-known/openid-configuration',
+ 'verb' => 'GET',
+ ],
+ [
+ 'name' => 'OauthApi#getUserInfo',
+ 'url' => '/api/v1/userinfo',
+ 'verb' => 'GET'
+ ],
 ],
 ];
diff --git a/apps/oauth2/lib/Controller/OauthApiController.php b/apps/oauth2/lib/Controller/OauthApiController.php
index 6e12132ed0..d3e0472e20 100644
--- a/apps/oauth2/lib/Controller/OauthApiController.php
+++ b/apps/oauth2/lib/Controller/OauthApiController.php
@@ -42,6 +42,9 @@ use OCP\AppFramework\Utility\ITimeFactory;
 use OCP\IRequest;
 use OCP\Security\ICrypto;
 use OCP\Security\ISecureRandom;
+use OCP\Util;
+use OCP\IURLGenerator;
+use OCP\IUserSession;
 class OauthApiController extends Controller {
 /** @var AccessTokenMapper */
@@ -58,6 +61,10 @@ class OauthApiController extends Controller {
 private $time;
 /** @var Throttler */
 private $throttler;
+ /** @var IUserSession */
+ private $userSession;
+ /** @var IUrlGenerator */
+ private $urlGenerator;
 public function __construct(string $appName,
 IRequest $request,
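Review bot: The new discovery route is declared inside the oauth2 app's own route table, so it will be generated and served under the app's URL prefix (Nextcloud mounts app routes below `/apps/<appid>/` unless the app arranges otherwise) rather than at the server root `/.well-known/openid-configuration` where OpenID clients look for it. Check what `linkToRouteAbsolute('oauth2.OauthApi.discovery')` actually yields and make sure the `issuer` advertised in the document is the prefix that URL lives under, otherwise clients that validate discovery against the issuer will reject it. As a point of style, the second entry omits the trailing comma that the first one has; `'verb' => 'GET',` keeps both entries consistent.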
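Review bot: `use OCP\Util;` is inserted after `OCP\Security\ISecureRandom`, breaking the alphabetical order the existing import block follows; `OCP\IURLGenerator` and `OCP\IUserSession` belong before the `OCP\Security\*` lines and `OCP\Util` after them. From the hunks on this page, nothing reads a `Util` value, so the import may be unnecessary altogether once the controller code is tidied.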
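Review bot: The docblock `/** @var IUrlGenerator */` names a type that this file does not import; the imported interface is `IURLGenerator`. PHP resolves class names case-insensitively at runtime, but static analysis and IDEs resolve the docblock literally and will report an unknown class, so change it to `/** @var IURLGenerator */`. The constructor this hunk touches continues past the end of the hunk.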
@@ -67,7 +74,9 @@ class OauthApiController extends Controller {
 TokenProvider $tokenProvider,
 ISecureRandom $secureRandom,
 ITimeFactory $time,
- Throttler $throttler) {
+ Throttler $throttler,
+ IUserSession $userSession,
+ IURLGenerator $urlGenerator) {
 parent::__construct($appName, $request);
 $this->crypto = $crypto;
 $this->accessTokenMapper = $accessTokenMapper;
@@ -76,6 +85,8 @@ class OauthApiController extends Controller {
 $this->secureRandom = $secureRandom;
 $this->time = $time;
 $this->throttler = $throttler;
+ $this->userSession = $userSession;
+ $this->urlGenerator = $urlGenerator;
 }
 /**
@@ -177,4 +188,34 @@ class OauthApiController extends Controller {
 ]
 );
 }
+
+ /**
+ * @PublicPage
+ * @NoCSRFRequired
+ *
+ * @return JSONResponse
+ */
+ public function discovery() {
+ $util = new Util();
+ return new JSONResponse([
+ 'authorization_endpoint' => $this->urlGenerator->linkToRouteAbsolute('oauth2.LoginRedirector.authorize'),
+ 'token_endpoint' => $this->urlGenerator->linkToRouteAbsolute('oauth2.OauthApi.getToken'),
+ 'userinfo_endpoint' => $this->urlGenerator->linkToRouteAbsolute('oauth2.OauthApi.getUserInfo')
+ ]);
+ }
+
+ /**
+ * @PublicPage
+ * @NoCSRFRequired
+ *
+ * @return JSONResponse
+ */
+ public function getUserInfo() {
+ $user = $this->userSession->getUser();
+ return new JSONResponse([
+ 'sub' => $user->getUID(),
+ 'name' => $user->getDisplayName(),
+ 'email' => $user->getEMailAddress()
+ ]);
+ }
 }
From dbb02299ce4687f513dc862e79615e3033b21c61 Mon Sep 17 00:00:00 2001
From: Juan Manuel Lallana
Date: Fri, 13 Mar 2020 12:47:48 -0300
Subject: [PATCH 2/2] Issuer in discovery json
Signed-off-by: Juan Manuel Lallana
---
 apps/oauth2/lib/Controller/OauthApiController.php | 1 +
 1 file changed, 1 insertion(+)
diff --git a/apps/oauth2/lib/Controller/OauthApiController.php b/apps/oauth2/lib/Controller/OauthApiController.php
index d3e0472e20..888c0a0db8 100644
--- a/apps/oauth2/lib/Controller/OauthApiController.php
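Review bot: `getUserInfo()` is annotated `@PublicPage`, so the framework lets unauthenticated requests reach it, yet it dereferences `$this->userSession->getUser()` unconditionally; when no user is bound to the request (no session, or a bearer token that did not resolve to one) `getUser()` returns null and `$user->getUID()` fails with a fatal error instead of a clean 401. Either drop `@PublicPage` so authentication is enforced before the method runs, or guard it: `if ($user === null) { return new JSONResponse(['error' => 'invalid_token'], Http::STATUS_UNAUTHORIZED); }` (`Http` being `OCP\AppFramework\Http`; confirm it is imported earlier in this file). A UserInfo endpoint should identify the caller solely from the presented access token, so it is worth confirming that a plain cookie session is not also accepted here. Separately, `$util = new Util();` in `discovery()` is assigned and never read and can be deleted, and `getEMailAddress()` can return null for users without an address, so consider omitting `email` rather than emitting `null`. Both new methods are complete within this hunk.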
+++ b/apps/oauth2/lib/Controller/OauthApiController.php
@@ -198,6 +198,7 @@ class OauthApiController extends Controller {
 public function discovery() {
 $util = new Util();
 return new JSONResponse([
+ 'issuer' => $this->urlGenerator->linkToRouteAbsolute(''),
 'authorization_endpoint' => $this->urlGenerator->linkToRouteAbsolute('oauth2.LoginRedirector.authorize'),
 'token_endpoint' => $this->urlGenerator->linkToRouteAbsolute('oauth2.OauthApi.getToken'),
 'userinfo_endpoint' => $this->urlGenerator->linkToRouteAbsolute('oauth2.OauthApi.getUserInfo')
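Review bot: `'issuer' => $this->urlGenerator->linkToRouteAbsolute('')` asks the router to generate a URL for an empty route name; unless the router special-cases that, it will throw for an unknown route and the whole discovery document turns into a 500. If the intent is the server's base URL, take it from the URL generator directly, e.g. `'issuer' => $this->urlGenerator->getBaseUrl(),`, and note that OpenID discovery requires `issuer` to be exactly the prefix under which `/.well-known/openid-configuration` is served and the value clients compare against `iss`, so it must agree with where routes.php actually mounts the document. The document also lacks the fields the OpenID discovery specification marks as required (`jwks_uri`, `response_types_supported`, `subject_types_supported`, `id_token_signing_alg_values_supported`); conforming clients may refuse it, so either add them or document that this is an OAuth 2.0-only metadata document. `discovery()` continues past the end of the hunk.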