feat: oidc provider config route

feat: add auth config attributes `API_HOSTNAME` and `API_PUBLIC_URL` feat: `introspectionEndpoint` and `revocationEndpoint` for `GetOpenIDProviderConfigResponse`
2026-03-26 11:41:18 +00:00 · 2025-09-29 21:07:45 +01:00
parent 958f96b3e5
commit 1b0cc09aad
6 changed files with 321 additions and 256 deletions
--- a/internal/svc/auth/auth.go
+++ b/internal/svc/auth/auth.go
@@ -42,9 +42,6 @@ type AuthService struct {
 	pbVal *protovalidate.Validator
 }

-// Ensure methods are implemented in AuthService at compile time
-var _ pb.AuthServiceServer = (*AuthService)(nil)
-
 // Interface for database methods
 // Allows implementing separate controllers for different databases (e.g. Postgres, MongoDB, etc)
 type StorageController interface {
@@ -88,7 +85,18 @@ func (svc AuthService) ServiceInfo(ctx context.Context, req *commonpb.ServiceInf
 }

 func (svc AuthService) GetOpenIDProviderConfig(ctx context.Context, req *pb.GetOpenIDProviderConfigRequest) (*pb.GetOpenIDProviderConfigResponse, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method GetOpenIDProviderConfig not implemented")
+	return &pb.GetOpenIDProviderConfigResponse{
+		Issuer:                            svc.cfg.ServiceOpts.ApiPublicUrl + "/v1/auth",
+		AuthorizationEndpoint:             svc.cfg.ServiceOpts.ApiPublicUrl + "/v1/auth/oauth/authorize",
+		TokenEndpoint:                     svc.cfg.ServiceOpts.ApiPublicUrl + "/v1/auth/oauth/token",
+		IntrospectionEndpoint:             svc.cfg.ServiceOpts.ApiPublicUrl + "/v1/auth/oauth/introspect",
+		RevocationEndpoint:                svc.cfg.ServiceOpts.ApiPublicUrl + "/v1/auth/oauth/revoke",
+		UserinfoEndpoint:                  svc.cfg.ServiceOpts.ApiPublicUrl + "/v1/auth/oidc/userinfo",
+		JwksUri:                           svc.cfg.ServiceOpts.ApiPublicUrl + "/v1/auth/.well-known/jwks",
+		TokenEndpointAuthMethodsSupported: []string{},
+		ScopesSupported:                   []string{},
+		ClaimsSupported:                   []string{},
+	}, nil
 }

 func (svc AuthService) OAuthAuthorize(ctx context.Context, req *pb.OAuthAuthorizeRequest) (*pb.OAuthAuthorizeResponse, error) {
--- a/internal/svc/auth/config.go
+++ b/internal/svc/auth/config.go
@@ -68,6 +68,15 @@ type ServiceConfigOpts struct {

 	// Generated from PrivateKey
 	PublicJwk *pb.PublicEcJWK
+
+	// Env Var: "API_HOSTNAME"
+	// i.e. "api.example.com"
+	ApiHostname string
+
+	// Env Var: "API_PUBLIC_URL"
+	// default: http://localhost/api
+	// i.e: "https://example.com/api" or "https://api.example.com"
+	ApiPublicUrl string
 }

 // Load the ServiceConfigOpts
@@ -84,6 +93,21 @@ func (opts *ServiceConfigOpts) Load() error {
 	// prepare the JWK public key
 	opts.PublicJwk = preparePublicJwk(opts.PrivateKey)

+	// load other attributes
+	apiHostname, err := config.RequireFromEnv("API_HOSTNAME")
+	if err != nil {
+		return err
+	}
+
+	opts.ApiHostname = apiHostname
+
+	apiPublicUrl, err := config.RequireFromEnv("API_PUBLIC_URL")
+	if err != nil {
+		return err
+	}
+
+	opts.ApiPublicUrl = apiPublicUrl
+
 	return nil
 }