use .well-known

indieauth-metadata
2022-11-07 19:50:13 +01:00 · 2022-11-07 19:44:10 +01:00
5 changed files with 71 additions and 0 deletions
--- a/cmd/owl/web/auth_test.go
+++ b/cmd/owl/web/auth_test.go
@ -399,3 +399,29 @@ func TestAccessTokenWithIncorrectCode(t *testing.T) {

 	assertions.AssertStatus(t, rr, http.StatusUnauthorized)
 }
+
+func TestIndieauthMetadata(t *testing.T) {
+	repo, user := getSingleUserTestRepo()
+	user.ResetPassword("testpassword")
+	req, _ := http.NewRequest("GET", user.IndieauthMetadataUrl(), nil)
+	rr := httptest.NewRecorder()
+	router := main.SingleUserRouter(&repo)
+	router.ServeHTTP(rr, req)
+
+	assertions.AssertStatus(t, rr, http.StatusOK)
+	// parse response as json
+	type responseType struct {
+		Issuer                        string   `json:"issuer"`
+		AuthorizationEndpoint         string   `json:"authorization_endpoint"`
+		TokenEndpoint                 string   `json:"token_endpoint"`
+		CodeChallengeMethodsSupported []string `json:"code_challenge_methods_supported"`
+		ScopesSupported               []string `json:"scopes_supported"`
+		ResponseTypesSupported        []string `json:"response_types_supported"`
+		GrantTypesSupported           []string `json:"grant_types_supported"`
+	}
+	var response responseType
+	json.Unmarshal(rr.Body.Bytes(), &response)
+	assertions.AssertEqual(t, response.Issuer, user.FullUrl())
+	assertions.AssertEqual(t, response.AuthorizationEndpoint, user.AuthUrl())
+	assertions.AssertEqual(t, response.TokenEndpoint, user.TokenUrl())
+}
--- a/cmd/owl/web/handler.go
+++ b/cmd/owl/web/handler.go
@ -60,6 +60,43 @@ func userIndexHandler(repo *owl.Repository) func(http.ResponseWriter, *http.Requ
 	}
 }

+func userAuthMetadataHandler(repo *owl.Repository) func(http.ResponseWriter, *http.Request, httprouter.Params) {
+	return func(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
+		user, err := getUserFromRepo(repo, ps)
+		if err != nil {
+			println("Error getting user: ", err.Error())
+			notFoundHandler(repo)(w, r)
+			return
+		}
+
+		type Response struct {
+			Issuer                        string   `json:"issuer"`
+			AuthorizationEndpoint         string   `json:"authorization_endpoint"`
+			TokenEndpoint                 string   `json:"token_endpoint"`
+			CodeChallengeMethodsSupported []string `json:"code_challenge_methods_supported"`
+			ScopesSupported               []string `json:"scopes_supported"`
+			ResponseTypesSupported        []string `json:"response_types_supported"`
+			GrantTypesSupported           []string `json:"grant_types_supported"`
+		}
+		response := Response{
+			Issuer:                        user.FullUrl(),
+			AuthorizationEndpoint:         user.AuthUrl(),
+			TokenEndpoint:                 user.TokenUrl(),
+			CodeChallengeMethodsSupported: []string{"S256", "plain"},
+			ScopesSupported:               []string{"profile"},
+			ResponseTypesSupported:        []string{"code"},
+			GrantTypesSupported:           []string{"authorization_code"},
+		}
+		jsonData, err := json.Marshal(response)
+		if err != nil {
+			println("Error marshalling json: ", err.Error())
+			w.WriteHeader(http.StatusInternalServerError)
+			w.Write([]byte("Internal server error"))
+		}
+		w.Write(jsonData)
+	}
+}
+
 func userAuthHandler(repo *owl.Repository) func(http.ResponseWriter, *http.Request, httprouter.Params) {
 	return func(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
 		user, err := getUserFromRepo(repo, ps)
--- a/cmd/owl/web/server.go
+++ b/cmd/owl/web/server.go
@ -23,6 +23,7 @@ func Router(repo *owl.Repository) http.Handler {
 	router.GET("/user/:user/posts/:post/", postHandler(repo))
 	router.GET("/user/:user/posts/:post/media/*filepath", postMediaHandler(repo))
 	router.POST("/user/:user/webmention/", userWebmentionHandler(repo))
+	router.GET("/user/:user/.well-known/oauth-authorization-server", userAuthMetadataHandler(repo))
 	router.NotFound = http.HandlerFunc(notFoundHandler(repo))
 	return router
 }
@ -40,6 +41,7 @@ func SingleUserRouter(repo *owl.Repository) http.Handler {
 	router.GET("/posts/:post/", postHandler(repo))
 	router.GET("/posts/:post/media/*filepath", postMediaHandler(repo))
 	router.POST("/webmention/", userWebmentionHandler(repo))
+	router.GET("/.well-known/oauth-authorization-server", userAuthMetadataHandler(repo))
 	router.NotFound = http.HandlerFunc(notFoundHandler(repo))
 	return router
 }
--- a/embed/initial/base.html
+++ b/embed/initial/base.html
@ -28,6 +28,7 @@
    <link rel="stylesheet" href="/static/pico.min.css">
    <link rel="webmention" href="{{ .User.WebmentionUrl }}">
    {{ if .User.AuthUrl }}
+    <link rel="indieauth-metadata" href="{{ .User.IndieauthMetadataUrl }}">
    <link rel="authorization_endpoint" href="{{ .User.AuthUrl}}">
    <link rel="token_endpoint" href="{{ .User.TokenUrl}}">
    {{ end }}
--- a/user.go
+++ b/user.go
@ -78,6 +78,11 @@ func (user User) TokenUrl() string {
 	return url
 }

+func (user User) IndieauthMetadataUrl() string {
+	url, _ := url.JoinPath(user.FullUrl(), ".well-known/oauth-authorization-server")
+	return url
+}
+
 func (user User) WebmentionUrl() string {
 	url, _ := url.JoinPath(user.FullUrl(), "webmention/")
 	return url
Author	SHA1	Message	Date
Niko Abeler	703531834d	use .well-known	2022-11-07 19:50:13 +01:00
Niko Abeler	37936a450f	indieauth-metadata	2022-11-07 19:44:10 +01:00