Class: Himari::Services::OidcProviderMetadataEndpoint::Handler

Inherits:

Object

• Object
• Himari::Services::OidcProviderMetadataEndpoint::Handler

Defined in:

lib/himari/services/oidc_provider_metadata_endpoint.rb

Defined Under Namespace

Classes: InvalidToken

Instance Method Summary

• #initialize(signing_key_provider:, issuer:, env:) ⇒ Handler constructor

  A new instance of Handler.

• #metadata ⇒ Object
• #response ⇒ Object

Constructor Details

#initialize(signing_key_provider:, issuer:, env:) ⇒ Handler

Returns a new instance of Handler.

# File 'lib/himari/services/oidc_provider_metadata_endpoint.rb', line 21

def initialize(signing_key_provider:, issuer:, env:)
  @signing_key_provider = signing_key_provider
  @issuer = issuer
  @env = env
end

Instance Method Details

#metadata ⇒ Object

# File 'lib/himari/services/oidc_provider_metadata_endpoint.rb', line 27

def metadata
  signing_keys = @signing_key_provider.collect()
  {
    issuer: @issuer,
    authorization_endpoint: "#{@issuer}/oidc/authorize",
    token_endpoint: "#{@issuer}/public/oidc/token",
    userinfo_endpoint: "#{@issuer}/public/oidc/userinfo",
    jwks_uri: "#{@issuer}/public/jwks",
    scopes_supported: %w(openid),
    response_types_supported: ['code'], # violation: dynamic OpenID Provider MUST support code, id_token, token+id_token
    subject_types_supported: ['public'],
    id_token_signing_alg_values_supported: signing_keys.map(&:alg).uniq.sort,
    claims_supported: %w(sub iss iat nbf exp),
  }
end

#response ⇒ Object

# File 'lib/himari/services/oidc_provider_metadata_endpoint.rb', line 43

def response
  # https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata
  return [404, {'Content-Type' => 'application/json'}, ['{"error": "not_found"}']] unless @env['REQUEST_METHOD'] == 'GET'

  [
    200,
    {'Content-Type' => 'application/json; charset=utf-8'},
    [JSON.pretty_generate(metadata), "\n"],
  ]
end