use actix_web::{get, web, HttpRequest, Responder};
use serde::Serialize;

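/// OpenID Provider Metadata, the document served at `/.well-known/openid-configuration`.
///
/// Field names are the JSON member names from the OpenID Connect Discovery 1.0
/// "OpenID Provider Metadata" section, so `serde` emits them verbatim.
/// https://openid.net/specs/openid-connect-discovery-1_0.html
/// https://stackoverflow.com/questions/53900612/how-do-i-avoid-generating-json-when-serializing-a-value-that-is-null-or-a-defaul
#[derive(Debug, Clone, Serialize)]
pub struct OpenIDProviderMetadata {
    /// REQUIRED
    /// URL using the https scheme that the OP asserts as its Issuer Identifier. RPs compare it
    /// with the `iss` claim of the ID Tokens they receive, so it must be stable for a deployment
    /// and should come from configuration rather than from untrusted request data.
    issuer: String,

    /// REQUIRED
    /// URL of the OP's OAuth 2.0 Authorization Endpoint
    authorization_endpoint: String,

    /// REQUIRED*
    /// URL of the OP's OAuth 2.0 Token Endpoint
    ///
    /// *This is REQUIRED unless only the Implicit Flow is used.
    token_endpoint: String,

    // RECOMMENDED
    // URL of the OP's UserInfo Endpoint
    // userinfo_endpoint: String,
    /// REQUIRED
    /// URL of the OP's JSON Web Key Set document. This contains the signing key(s) the RP uses to
    /// validate signatures from the OP. The JWK Set MAY also contain the Server's encryption
    /// key(s), which are used by RPs to encrypt requests to the Server. When both signing and
    /// encryption keys are made available, a use (Key Use) parameter value is REQUIRED for all
    /// keys in the referenced JWK Set to indicate each key's intended usage. Although some
    /// algorithms allow the same key to be used for both signatures and encryption, doing so is
    /// NOT RECOMMENDED, as it is less secure. The JWK x5c parameter MAY be used to provide X.509
    /// representations of keys provided. When used, the bare key values MUST still be present and
    /// MUST match those in the certificate.
    jwks_uri: String,

    // RECOMMENDED
    // URL of the OP's Dynamic Client Registration Endpoint
    // registration_endpoint: String,

    // RECOMMENDED
    // scopes_supported: String,
    /// REQUIRED
    /// JSON array of the OAuth 2.0 `response_type` values this OP supports (for example
    /// `code`). The spec types this as an array, hence `Vec<String>` rather than a single string.
    ///
    /// NOTE(review): when this is `None` the member is omitted from the output, which yields a
    /// discovery document that does not satisfy the spec's REQUIRED marker; RP libraries that
    /// enforce it will reject the document until the handler populates this field.
    #[serde(skip_serializing_if = "Option::is_none")]
    // `default` only affects deserialization; it is inert until `Deserialize` is also derived.
    #[serde(default)]
    response_types_supported: Option<Vec<String>>,
    // OPTIONAL
    // response_modes_supported: String,

    // OPTIONAL
    // grant_types_supported: String,

    // OPTIONAL
    // acr_values_supported: String,

    // REQUIRED by the Discovery spec (Subject Identifier types, e.g. `public`/`pairwise`)
    // subject_types_supported: String,

    // REQUIRED by the Discovery spec (JWS `alg` values for ID Token signing; `RS256` MUST be included)
    // id_token_signing_alg_values_supported: String,

    // OPTIONAL
    // id_token_encryption_alg_values_supported: String,

    // OPTIONAL
    // id_token_encryption_enc_values_supported: String,

    // OPTIONAL
    // userinfo_signing_alg_values_supported: String,

    // OPTIONAL
    // userinfo_encryption_alg_values_supported: String,

    // OPTIONAL
    // userinfo_encryption_enc_values_supported: String,

    // OPTIONAL
    // request_object_signing_alg_values_supported: String,

    // OPTIONAL
    // request_object_encryption_alg_values_supported: String,

    // OPTIONAL
    // request_object_encryption_enc_values_supported: String,

    // OPTIONAL
    // token_endpoint_auth_methods_supported: String,

    // OPTIONAL
    // token_endpoint_auth_signing_alg_values_supported: String,

    // OPTIONAL
    // display_values_supported: String,

    // OPTIONAL
    // claim_types_supported: String,

    // RECOMMENDED
    // claims_supported: String,

    // OPTIONAL
    // service_documentation: String,

    // OPTIONAL
    // claims_locales_supported: String,

    // OPTIONAL
    // ui_locales_supported: String,

    // OPTIONAL
    // claims_parameter_supported: String,

    // OPTIONAL
    // request_parameter_supported: String,

    // OPTIONAL
    // request_uri_parameter_supported: String,

    // OPTIONAL
    // require_request_uri_registration: String,

    // OPTIONAL
    // op_policy_uri: String,

    // OPTIONAL
    // op_tos_uri: String
}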

/*
async fn configuration(_req: HttpRequest) -> HttpResponse {
    // println!("{} {}", param.0, param.1);
    let metadata: OpenIDProviderMetadata;

    HttpResponse::Ok()
        .content_type("application/json")
        .body(web::Json(metadata))
}
*/

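/// `GET /.well-known/openid-configuration`: serves the OP discovery document.
///
/// The issuer and endpoint URLs are built from the request's `Host` header. That header is
/// chosen by the client, so whatever it contains is echoed verbatim into `issuer` and
/// `jwks_uri`. For a document fetched directly by the RP that is self-inflicted, but behind a
/// caching reverse proxy a forged value can poison the cached document that other RPs then
/// receive. NOTE(review): the durable fix is to take the issuer from server configuration and
/// compare the header against it; until then the value is restricted to the character set of
/// a URI authority (host[:port]) so it cannot smuggle a path, query or userinfo component.
///
/// Responds `400 Bad Request` when `Host` is missing, is not visible ASCII, or has an
/// implausible shape, instead of panicking inside the worker as the previous `unwrap()`s did.
#[get("/.well-known/openid-configuration")]
pub async fn metadata(_req: HttpRequest) -> impl Responder {
    let host = match _req.headers().get("Host").and_then(|v| v.to_str().ok()) {
        Some(h) if is_plausible_authority(h) => h,
        _ => return Err(actix_web::error::ErrorBadRequest("missing or malformed Host header")),
    };

    // Every endpoint hangs off the issuer; derive them from one string so they cannot drift.
    let issuer = format!("https://{}/oauth/v2", host);
    let metadata = OpenIDProviderMetadata {
        authorization_endpoint: format!("{}/auth", issuer),
        token_endpoint: format!("{}/token", issuer),
        jwks_uri: format!("{}/keys", issuer),
        // Left unset, as before. The Discovery spec marks this member REQUIRED, so RPs that
        // enforce it will reject the document until a value is supplied here.
        response_types_supported: None,
        issuer,
    };

    Ok(web::Json(metadata))
}

/// True when `host` looks like the host[:port] part of a URI authority: non-empty and made only
/// of ASCII letters, digits, `.`, `-`, `:` and the `[`/`]` of an IPv6 literal. Any other
/// character (`/`, `?`, `#`, `@`, whitespace, ...) would let the `Host` header change the
/// structure of the URLs built from it, so such values are rejected.
fn is_plausible_authority(host: &str) -> bool {
    !host.is_empty()
        && host
            .chars()
            .all(|c| c.is_ascii_alphanumeric() || matches!(c, '.' | '-' | ':' | '[' | ']'))
}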