authx_plugins/oidc_provider/
discovery.rs1use serde::{Deserialize, Serialize};
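/// Builds the OpenID Connect discovery metadata published by this provider.
///
/// `issuer` is used with any trailing `/` removed. Every endpoint URL is
/// `issuer` + `base_path` + a fixed suffix (`/authorize`, `/token`, ...).
/// An empty `base_path` (or one consisting only of `/`) places the endpoints
/// directly under the issuer.
///
/// A non-empty `base_path` without a leading `/` gets one inserted. Plain
/// concatenation would otherwise extend the issuer's host name
/// (`https://idp.example` + `oidc` -> `https://idp.exampleoidc/...`), so the
/// advertised `jwks_uri` and `token_endpoint` would name a host this provider
/// does not serve.
///
/// Neither argument is validated as a URL: scheme, host and path are passed
/// through as given. NOTE(review): presumably `issuer` comes from static
/// configuration; if it is ever derived from request data such as the `Host`
/// header, the document would advertise endpoints chosen by the requester.
///
/// The capability lists are fixed values. They describe what the provider
/// claims to support and have to be kept in step with what the endpoint
/// handlers actually accept.
pub fn oidc_discovery_document(issuer: &str, base_path: &str) -> DiscoveryDocument {
    // Relying parties compare this value with the `iss` claim of the tokens
    // they receive, so the trimmed form is the one that matters.
    // NOTE(review): confirm the token-issuing code uses the same trimmed value.
    let issuer = issuer.trim_end_matches('/');

    let path = base_path.trim_end_matches('/');
    let base = if path.is_empty() || path.starts_with('/') {
        format!("{issuer}{path}")
    } else {
        // Keep the path separate from the authority component.
        format!("{issuer}/{path}")
    };

    DiscoveryDocument {
        issuer: issuer.to_string(),
        authorization_endpoint: format!("{base}/authorize"),
        token_endpoint: format!("{base}/token"),
        device_authorization_endpoint: format!("{base}/device_authorization"),
        revocation_endpoint: format!("{base}/revoke"),
        introspection_endpoint: format!("{base}/introspect"),
        userinfo_endpoint: format!("{base}/userinfo"),
        jwks_uri: format!("{base}/jwks"),
        scopes_supported: vec!["openid".into(), "profile".into(), "email".into()],
        // Only the authorization-code flow is advertised for /authorize.
        response_types_supported: vec!["code".into()],
        grant_types_supported: vec![
            "authorization_code".into(),
            "refresh_token".into(),
            "urn:ietf:params:oauth:grant-type:device_code".into(),
        ],
        // Both advertised methods rely on a shared client secret.
        token_endpoint_auth_methods_supported: vec![
            "client_secret_post".into(),
            "client_secret_basic".into(),
        ],
        subject_types_supported: vec!["public".into()],
        // NOTE(review): OpenID Connect Discovery 1.0 says RS256 MUST be listed
        // here. EdDSA-only is a deviation that RS256-only relying parties
        // cannot consume; confirm it is intended and matches the key type
        // served at `jwks_uri`.
        id_token_signing_alg_values_supported: vec!["EdDSA".into()],
    }
}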
/// Provider metadata document with the fields this OIDC provider advertises.
///
/// Field names are already snake_case, so each one serializes under its own
/// name. `Deserialize` is derived as well: every field is required when
/// parsing, and keys not listed here are ignored (no `deny_unknown_fields`).
///
/// NOTE(review): there is no `code_challenge_methods_supported` field, so the
/// document cannot advertise PKCE. Confirm whether the authorization endpoint
/// enforces PKCE and whether clients are expected to discover it from here.
#[derive(Debug, Clone, Serialize, Deserialize)]
#[serde(rename_all = "snake_case")]
pub struct DiscoveryDocument {
    /// Issuer identifier; relying parties match it against the `iss` claim.
    pub issuer: String,

    // Endpoint URLs.
    /// URL of the authorization endpoint.
    pub authorization_endpoint: String,
    /// URL of the token endpoint.
    pub token_endpoint: String,
    /// URL of the device authorization endpoint.
    pub device_authorization_endpoint: String,
    /// URL of the token revocation endpoint.
    pub revocation_endpoint: String,
    /// URL of the token introspection endpoint.
    pub introspection_endpoint: String,
    /// URL of the userinfo endpoint.
    pub userinfo_endpoint: String,
    /// URL of the JSON Web Key Set holding the provider's signing keys.
    pub jwks_uri: String,

    // Advertised capabilities.
    /// Scope values the provider advertises.
    pub scopes_supported: Vec<String>,
    /// `response_type` values the provider advertises.
    pub response_types_supported: Vec<String>,
    /// Grant types the provider advertises for the token endpoint.
    pub grant_types_supported: Vec<String>,
    /// Client authentication methods advertised for the token endpoint.
    pub token_endpoint_auth_methods_supported: Vec<String>,
    /// Subject identifier types the provider advertises.
    pub subject_types_supported: Vec<String>,
    /// Signature algorithms advertised for ID tokens.
    pub id_token_signing_alg_values_supported: Vec<String>,
}