references/openproject
1
0
Fork 0
mirror of https://github.com/opf/openproject.git synced 2026-06-14 03:30:14 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
c950be910e79a5e65feb100e1ba4e85e6ea4ca62
openproject/app/controllers/oauth_metadata_controller.rb
T
Jan Sandbrink d1e2099dd5 Add authorization server metadata endpoint 
Allowing OAuth clients to discover automatically how
the OAuth authorization server integrated into OpenProject
is behaving.
2025-12-10 08:48:54 +01:00

87 lines
2.8 KiB
Ruby
Raw Blame History

# frozen_string_literal: true
#-- copyright
# OpenProject is an open source project management software.
# Copyright (C) the OpenProject GmbH
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License version 3.
#
# OpenProject is a fork of ChiliProject, which is a fork of Redmine. The copyright follows:
# Copyright (C) 2006-2013 Jean-Philippe Lang
# Copyright (C) 2010-2013 the ChiliProject Team
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
#
# See COPYRIGHT and LICENSE files for more details.
#++
class OAuthMetadataController < ApplicationController
no_authorization_required! :authorization_server, :protected_resource
skip_before_action :check_if_login_required
def authorization_server
grant_types = Doorkeeper.configuration.grant_flows
grant_types += ["refresh_token"] if Doorkeeper.configuration.refresh_token_enabled?
render json: {
issuer: local_issuer,
authorization_endpoint: oauth_authorization_url,
token_endpoint: oauth_token_url,
introspection_endpoint: oauth_introspect_url,
scopes_supported: Doorkeeper.configuration.scopes.to_a,
response_types_supported: response_types(Doorkeeper.configuration.grant_flows),
grant_types_supported: grant_types,
service_documentation: OpenProject::Static::Links.url_for(:oauth_applications)
}
end
def protected_resource
render json: {
resource: resource_url,
resource_name: Setting.app_title,
authorization_servers:,
scopes_supported: OpenProject::Authentication::Scope.values,
bearer_methods_supported: ["header"],
resource_documentation: OpenProject::Static::Links.url_for(:api_docs)
}
end
private
def response_types(grant_types)
grant_types.filter_map do |grant|
case grant
when "authorization_code"
"code"
when "implicit"
"token"
end
end
end
def authorization_servers
OpenIDConnect::Provider.where(available: true).map(&:issuer) + [local_issuer]
end
def instance_base_url
"http#{'s' if request.ssl?}://#{Setting.host_name}"
end
alias resource_url instance_base_url
alias local_issuer instance_base_url
end
Reference in New Issue View Git Blame Copy Permalink