Add userinfo_endpoint to .well-known/oauth-authorization-server metadata

2024-10-18 16:51:23 +09:00 · 2024-10-16 21:21:11 +02:00 · 2024-10-16 21:21:11 +02:00 · d01391c358
commit d01391c358
parent fca51d0397
3 changed files with 11 additions and 12 deletions
--- a/app/presenters/oauth_metadata_presenter.rb
+++ b/app/presenters/oauth_metadata_presenter.rb
@ -26,6 +26,10 @@ class OauthMetadataPresenter < ActiveModelSerializers::Model
    oauth_token_url
  end

+  def userinfo_endpoint
+    oauth_userinfo_url
+  end
+
  # As the api_v1_apps route doesn't technically conform to the specification
  # for OAuth 2.0 Dynamic Client Registration defined in RFC 7591 we use a
  # non-standard property for now to indicate the mastodon specific registration
--- a/app/serializers/oauth_metadata_serializer.rb
+++ b/app/serializers/oauth_metadata_serializer.rb
@ -2,7 +2,7 @@

 class OauthMetadataSerializer < ActiveModel::Serializer
  attributes :issuer, :authorization_endpoint, :token_endpoint,
-             :revocation_endpoint, :scopes_supported,
+             :revocation_endpoint, :userinfo_endpoint, :scopes_supported,
             :response_types_supported, :response_modes_supported,
             :grant_types_supported, :token_endpoint_auth_methods_supported,
             :code_challenge_methods_supported,
--- a/spec/requests/well_known/oauth_metadata_spec.rb
+++ b/spec/requests/well_known/oauth_metadata_spec.rb
@ -3,12 +3,6 @@
 require 'rails_helper'

 RSpec.describe 'The /.well-known/oauth-authorization-server request' do
-  let(:protocol) { ENV.fetch('LOCAL_HTTPS', true) ? :https : :http }
-
-  before do
-    host! Rails.configuration.x.local_domain
-  end
-
  it 'returns http success with valid JSON response' do
    get '/.well-known/oauth-authorization-server'

@ -22,11 +16,12 @@ RSpec.describe 'The /.well-known/oauth-authorization-server request' do
    grant_types_supported << 'refresh_token' if Doorkeeper.configuration.refresh_token_enabled?

    expect(response.parsed_body).to include(
-      issuer: root_url(protocol: protocol),
+      issuer: root_url,
      service_documentation: 'https://docs.joinmastodon.org/',
-      authorization_endpoint: oauth_authorization_url(protocol: protocol),
-      token_endpoint: oauth_token_url(protocol: protocol),
-      revocation_endpoint: oauth_revoke_url(protocol: protocol),
+      authorization_endpoint: oauth_authorization_url,
+      token_endpoint: oauth_token_url,
+      userinfo_endpoint: oauth_userinfo_url,
+      revocation_endpoint: oauth_revoke_url,
      scopes_supported: Doorkeeper.configuration.scopes.map(&:to_s),
      response_types_supported: Doorkeeper.configuration.authorization_response_types,
      response_modes_supported: Doorkeeper.configuration.authorization_response_flows.flat_map(&:response_mode_matches).uniq,
@ -34,7 +29,7 @@ RSpec.describe 'The /.well-known/oauth-authorization-server request' do
      grant_types_supported: grant_types_supported,
      code_challenge_methods_supported: ['S256'],
      # non-standard extension:
-      app_registration_endpoint: api_v1_apps_url(protocol: protocol)
+      app_registration_endpoint: api_v1_apps_url
    )
  end
 end