From 076b193b1714383e83d8aa80253cddfd1d695b92 Mon Sep 17 00:00:00 2001
From: Tim <contact@bytim.eu>
Date: Sat, 26 Apr 2025 20:45:22 +0200
Subject: Add oidc discovery endpoint

---
 VPNAuth.Server/Api/Oidc.cs                | 26 +++++++++++++++++++++++++-
 VPNAuth.Server/Program.cs                 |  1 +
 VPNAuth.Server/Responses/OidcDiscovery.cs | 27 +++++++++++++++++++++++++++
 3 files changed, 53 insertions(+), 1 deletion(-)
 create mode 100644 VPNAuth.Server/Responses/OidcDiscovery.cs


diff --git a/VPNAuth.Server/Api/Oidc.cs b/VPNAuth.Server/Api/Oidc.cs
index e8ff3c0..366fabf 100644
--- a/VPNAuth.Server/Api/Oidc.cs
+++ b/VPNAuth.Server/Api/Oidc.cs
@@ -1,4 +1,5 @@
-using VPNAuth.Server.Responses;
+using System.Net;
+using VPNAuth.Server.Responses;
 
 namespace VPNAuth.Server.Api;
 
@@ -73,4 +74,27 @@ public static class Oidc
 
         await context.Response.WriteAsJsonAsync(userInfoResponse);
     }
+
+    public static async Task DiscoveryHandler(HttpContext context)
+    {
+        if (!context.Request.Host.HasValue)
+        {
+            context.Response.StatusCode = StatusCodes.Status400BadRequest;
+            return;
+        }
+
+        var serverAddress = context.Request.IsHttps ? "https://" : "http://" + context.Request.Host.Value;
+
+        await context.Response.WriteAsJsonAsync(new OidcDiscovery
+        {
+            Issuer = serverAddress + "/",
+            AuthorizationEndpoint = $"{serverAddress}/auth",
+            TokenEndpoint = $"{serverAddress}/access-token",
+            UserInfoEndpoint = $"{serverAddress}/user-info",
+            JwksUri = "",
+            ResponseTypesSupported = ["code"],
+            SubjectTypesSupported = [],
+            IdTokenSigningAlgValuesSupported = ["RS256"]
+        });
+    }
 }
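Review bot: The scheme/host concatenation at `var serverAddress = context.Request.IsHttps ? "https://" : "http://" + context.Request.Host.Value;` is parsed as `IsHttps ? "https://" : ("http://" + Host)`, so over HTTPS every advertised URL comes out as `https:///auth` with no host at all; split it into `var scheme = context.Request.IsHttps ? "https" : "http";` and `var serverAddress = $"{scheme}://{context.Request.Host.Value}";`. Even once fixed, deriving the issuer from the request's Host header means a client that sends a forged Host (or a proxy that does not forward the original scheme) is handed a document whose endpoints point at another origin, so the issuer should come from configuration or the host should at least be checked against an allow-list, and `Issuer` must match byte-for-byte the `iss` claim in the ID tokens this server actually issues, which the hunk does not show. `JwksUri = ""` and `SubjectTypesSupported = []` are both REQUIRED fields in OpenID Connect Discovery 1.0, and advertising `RS256` with no JWKS endpoint leaves relying parties with no key to verify ID tokens, so either publish a key set (and `["public"]` for subject types) or hold the endpoint until one exists. The enclosing `Oidc` class starts outside the hunk.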
diff --git a/VPNAuth.Server/Program.cs b/VPNAuth.Server/Program.cs
index e8e5d4f..067e61b 100644
--- a/VPNAuth.Server/Program.cs
+++ b/VPNAuth.Server/Program.cs
@@ -35,6 +35,7 @@ app.MapGet("/accept-auth/{id}", OAuth2.AcceptAuthHandler);
 app.MapPost("/access-token", OAuth2.AccessTokenHandler);
 app.MapPost("/user-info-settings", UserInterface.UserSettingsHandler);
 app.Map("/user-info", Oidc.UserInfoHandler);
+app.MapGet("/.well-known/openid-configuration", Oidc.DiscoveryHandler);
 
 app.MapStaticAssets();
 app.MapRazorPages()
diff --git a/VPNAuth.Server/Responses/OidcDiscovery.cs b/VPNAuth.Server/Responses/OidcDiscovery.cs
new file mode 100644
index 0000000..e4d66f4
--- /dev/null
+++ b/VPNAuth.Server/Responses/OidcDiscovery.cs
@@ -0,0 +1,27 @@
+using System.Text.Json.Serialization;
+
+namespace VPNAuth.Server.Responses;
+
+public class OidcDiscovery
+{
+    [JsonPropertyName("issuer")] public string Issuer { get; set; }
+
+    [JsonPropertyName("authorization_endpoint")]
+    public string AuthorizationEndpoint { get; set; }
+
+    [JsonPropertyName("token_endpoint")] public string TokenEndpoint { get; set; }
+
+    [JsonPropertyName("userinfo_endpoint")]
+    public string UserInfoEndpoint { get; set; }
+
+    [JsonPropertyName("jwks_uri")] public string JwksUri { get; set; }
+
+    [JsonPropertyName("response_types_supported")]
+    public List<string> ResponseTypesSupported { get; set; }
+
+    [JsonPropertyName("subject_types_supported")]
+    public List<string> SubjectTypesSupported { get; set; }
+
+    [JsonPropertyName("id_token_signing_alg_values_supported")]
+    public List<string> IdTokenSigningAlgValuesSupported { get; set; }
+}
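Review bot: Every property on `OidcDiscovery` is a non-nullable `string` or `List<string>` with a public setter and no initializer, so a caller that omits a field gets at best a nullable warning and at worst a `null` serialized into a REQUIRED discovery field; since the project already uses C# 12 collection expressions, mark the fields `required` with `init` setters, e.g. `[JsonPropertyName("issuer")] public required string Issuer { get; init; }`, so an incomplete document fails to compile. The list-valued properties could be `IReadOnlyList<string>` so the document cannot be mutated after construction. A short `/// <summary>` identifying this as the OpenID Connect Discovery 1.0 provider metadata document and noting which members the spec requires (`issuer`, `jwks_uri`, `subject_types_supported`, ...) would help the next maintainer; `code_challenge_methods_supported` is worth adding only if the authorization endpoint really supports PKCE, which is not visible here.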
-- 
cgit v1.2.3