*: set response types supported in discovery based on server config

2016-08-25 16:18:09 -07:00 · 2016-08-25 16:18:09 -07:00 · 571024182d
commit 571024182d
parent 6564c15d9e
3 changed files with 31 additions and 18 deletions
--- a/cmd/dex/serve.go
+++ b/cmd/dex/serve.go
@ -92,6 +92,8 @@ func serve(cmd *cobra.Command, args []string) error {
 		Issuer:     c.Issuer,
 		Connectors: connectors,
 		Storage:    s,
+
+		SupportedResponseTypes: c.OAuth2.ResponseTypes,
 	}

 	serv, err := server.New(serverConfig)
--- a/server/handlers.go
+++ b/server/handlers.go
@ -8,6 +8,7 @@ import (
 	"net/http"
 	"net/url"
 	"path"
+	"sort"
 	"strconv"
 	"strings"
 	"time"
@ -72,14 +73,12 @@ type discovery struct {
 	Claims        []string `json:"claims_supported"`
 }

-func (s *Server) handleDiscovery(w http.ResponseWriter, r *http.Request) {
-	// TODO(ericchiang): Cache this
+func (s *Server) discoveryHandler() (http.HandlerFunc, error) {
 	d := discovery{
 		Issuer:      s.issuerURL.String(),
 		Auth:        s.absURL("/auth"),
 		Token:       s.absURL("/token"),
 		Keys:        s.absURL("/keys"),
-		ResponseTypes: []string{"code"},
 		Subjects:    []string{"public"},
 		IDTokenAlgs: []string{string(jose.RS256)},
 		Scopes:      []string{"openid", "email", "profile", "offline_access"},
@ -89,15 +88,22 @@ func (s *Server) handleDiscovery(w http.ResponseWriter, r *http.Request) {
 			"iat", "iss", "locale", "name", "sub",
 		},
 	}
+
+	for responseType := range s.supportedResponseTypes {
+		d.ResponseTypes = append(d.ResponseTypes, responseType)
+	}
+	sort.Strings(d.ResponseTypes)
+
 	data, err := json.MarshalIndent(d, "", "  ")
 	if err != nil {
-		log.Printf("failed to marshal discovery data: %v", err)
-		http.Error(w, "Internal server error", http.StatusInternalServerError)
-		return
+		return nil, fmt.Errorf("failed to marshal discovery data: %v", err)
 	}
+
+	return func(w http.ResponseWriter, r *http.Request) {
 		w.Header().Set("Content-Type", "application/json")
 		w.Header().Set("Content-Length", strconv.Itoa(len(data)))
 		w.Write(data)
+	}, nil
 }

 // handleAuthorization handles the OAuth2 auth endpoint.
--- a/server/server.go
+++ b/server/server.go
@ -136,8 +136,13 @@ func newServer(c Config, rotationStrategy rotationStrategy) (*Server, error) {
 	}
 	r.NotFoundHandler = http.HandlerFunc(s.notFound)

+	discoveryHandler, err := s.discoveryHandler()
+	if err != nil {
+		return nil, err
+	}
+	handleFunc("/.well-known/openid-configuration", discoveryHandler)
+
 	// TODO(ericchiang): rate limit certain paths based on IP.
-	handleFunc("/.well-known/openid-configuration", s.handleDiscovery)
 	handleFunc("/token", s.handleToken)
 	handleFunc("/keys", s.handlePublicKeys)
 	handleFunc("/auth", s.handleAuthorization)