oidc cleanup and discovery

2018-08-13 20:24:04 -07:00
parent 4fdf5d28ca
commit 62925c4c3f
4 changed files with 39 additions and 29 deletions
--- a/Zotlabs/Module/Authorize.php
+++ b/Zotlabs/Module/Authorize.php
@@ -7,27 +7,34 @@ use Zotlabs\Identity\OAuth2Storage;
 class Authorize extends \Zotlabs\Web\Controller {

 	function get() {
-		if (!local_channel()) {
+		if (! local_channel()) {
 			return login();
-		} else {
-			// TODO: Fully implement the dynamic client registration protocol:
-			// OpenID Connect Dynamic Client Registration 1.0 Client Metadata
-			// http://openid.net/specs/openid-connect-registration-1_0.html
-			$app = array(
-				'name' => (x($_REQUEST, 'client_id') ? $_REQUEST['client_id'] : t('Unknown App')),
-				'icon' => (x($_REQUEST, 'logo_uri')  ? $_REQUEST['logo_uri'] : z_root() . '/images/icons/plugin.png'),
+		} 
+		else {
+
+			$name = $_REQUEST['client_name'];
+			if(! $name) {
+				$name = (($_REQUEST['client_id']) ?: t('Unknown App'));
+			}
+
+			$app = [
+				'name' => $name,
+				'icon' => (x($_REQUEST, 'logo_uri')    ? $_REQUEST['logo_uri'] : z_root() . '/images/icons/plugin.png'),
 				'url'  => (x($_REQUEST, 'client_uri')  ? $_REQUEST['client_uri'] : ''),
-			);
-			$o .= replace_macros(get_markup_template('oauth_authorize.tpl'), array(
-				'$title' => t('Authorize'),
-				'$authorize' => sprintf( t('Do you authorize the app %s to access your channel data?'), '<a style="float: none;" href="' . $app['url'] . '">' . $app['name'] . '</a> '),
-				'$app' => $app,
-				'$yes' => t('Allow'),
-				'$no' => t('Deny'),
-				'$client_id' => (x($_REQUEST, 'client_id') ? $_REQUEST['client_id'] : ''),
+			];
+
+			$link = (($app['url']) ? '<a style="float: none;" href="' . $app['url'] . '">' . $app['name'] . '</a> ' : $app['name']);
+
+			$o .= replace_macros(get_markup_template('oauth_authorize.tpl'), [
+				'$title'        => t('Authorize'),
+				'$authorize'    => sprintf( t('Do you authorize the app %s to access your channel data?'), $link ),
+				'$app'          => $app,
+				'$yes'          => t('Allow'),
+				'$no'           => t('Deny'),
+				'$client_id'    => (x($_REQUEST, 'client_id') ? $_REQUEST['client_id'] : ''),
 				'$redirect_uri' => (x($_REQUEST, 'redirect_uri') ? $_REQUEST['redirect_uri'] : ''),
-				'$state' => (x($_REQUEST, 'state') ? $_REQUEST['state'] : ''),
-			));
+				'$state'        => (x($_REQUEST, 'state') ? $_REQUEST['state'] : ''),
+			]);
 			return $o;
 		}
 	}
@@ -60,17 +67,16 @@ class Authorize extends \Zotlabs\Web\Controller {
 		$request = \OAuth2\Request::createFromGlobals();
 		$response = new \OAuth2\Response();

-                // Note, "sub" field must match type and content. $user_id is used to populate - make sure it's a string. 
-                $channel = channelx_by_n(local_channel());
-		$user_id = $channel["channel_id"];
+		// Note, "sub" field must match type and content. $user_id is used to populate - make sure it's a string. 
+		$channel = channelx_by_n(local_channel());
+		$user_id = $channel['channel_id'];

 		// If the client is not registered, add to the database
 		if (!$client = $storage->getClientDetails($client_id)) {
-                        // Until "Dynamic Client Registration" is pursued - allow new clients to assign their own secret in the REQUEST
-			$client_secret = (isset($_REQUEST["client_secret"])) ? $_REQUEST["client_secret"] : random_string(16);
+			// Until "Dynamic Client Registration" is pursued - allow new clients to assign their own secret in the REQUEST
+			$client_secret = (isset($_REQUEST['client_secret'])) ? $_REQUEST['client_secret'] : random_string(16);
 			// Client apps are registered per channel
-			$storage->setClientDetails($client_id, $client_secret, $redirect_uri, 'authorization_code', urldecode($_REQUEST["scope"]), $user_id);
-			
+			$storage->setClientDetails($client_id, $client_secret, $redirect_uri, 'authorization_code', $_REQUEST['scope'], $user_id);
 		}
 		if (!$client = $storage->getClientDetails($client_id)) {
 			// There was an error registering the client.
--- a/Zotlabs/Module/Oauthinfo.php
+++ b/Zotlabs/Module/Oauthinfo.php
@@ -5,19 +5,17 @@ namespace Zotlabs\Module;

 class Oauthinfo extends \Zotlabs\Web\Controller {

-
 	function init() {

 		$ret = [
 			'issuer'                   => z_root(),
 			'authorization_endpoint'   => z_root() . '/authorize',
 			'token_endpoint'           => z_root() . '/token',
+			'userinfo_endpoint'        => z_root() . '/userinfo',
+			'scopes_supported'         => [ 'openid', 'profile', 'email' ],
 			'response_types_supported' => [ 'code', 'token', 'id_token', 'code id_token', 'token id_token' ] 
 		];

-
 		json_return_and_die($ret);
 	}
-
-
 }
--- a/Zotlabs/Module/Well_known.php
+++ b/Zotlabs/Module/Well_known.php
@@ -52,6 +52,7 @@ class Well_known extends \Zotlabs\Web\Controller {
 					break;

 				case 'oauth-authorization-server':
+				case 'openid-configuration':
 					\App::$argc -= 1;
 					array_shift(\App::$argv);
 					\App::$argv[0] = 'oauthinfo';
--- a/Zotlabs/Module/Wfinger.php
+++ b/Zotlabs/Module/Wfinger.php
@@ -172,6 +172,11 @@ class Wfinger extends \Zotlabs\Web\Controller {
 						'href' => z_root() . '/hcard/' . $r[0]['channel_address']	
 					],

+					[
+						'rel'  => 'http://openid.net/specs/connect/1.0/issuer',
+						'href' => z_root()
+					],
+

 					[
 						'rel'  => 'http://webfinger.net/rel/profile-page',