Support Dynamic Client Registration

Adds support for Dynamic Client Registration (see https://openid.net/specs/openid-connect-registration-1_0.html). Dynamic Client Registration is initiated when no identifier was supplied among the client_options. Also, this includes changes for the better handling of "http" schema (useful in testing).
jjbohn · Sep 2, 2016 · 86ccda6 · 86ccda6
1 parent 849b181
commit 86ccda6
Showing 1 changed file with 23 additions and 2 deletions.
diff --git a/lib/omniauth/strategies/openid_connect.rb b/lib/omniauth/strategies/openid_connect.rb
@@ -16,12 +16,13 @@ class OpenIDConnect
         redirect_uri: nil,
         scheme: "https",
         host: nil,
-        port: 443,
+        port: nil,
         authorization_endpoint: "/authorize",
         token_endpoint: "/token",
         userinfo_endpoint: "/userinfo",
         jwks_uri: '/jwk'
       }
+      option :client_name, "a web application via omniauth-openid-connect" # in case of dynamic registration
       option :issuer
       option :discovery, false
       option :client_signing_alg
@@ -74,14 +75,27 @@ class OpenIDConnect
       end
 
       def client
-        @client ||= ::OpenIDConnect::Client.new(client_options)
+        @client ||= \
+          if client_options.identifier.nil?
+            registrar.register!.tap do |client|
+              %i(authorization_endpoint token_endpoint userinfo_endpoint).each do |key|
+                client.send :"#{key}=", client_options[key]
+              end
+            end
+          else
+             ::OpenIDConnect::Client.new(client_options)
+          end
       end
 
       def config
         @config ||= ::OpenIDConnect::Discovery::Provider::Config.discover!(options.issuer)
       end
 
       def request_phase
+        if client_options.scheme == "http"
+          WebFinger.url_builder = URI::HTTP
+          SWD.url_builder = URI::HTTP
+        end
         options.issuer = issuer if options.issuer.blank?
         discover! if options.discovery
         redirect authorize_uri
@@ -138,6 +152,13 @@ def public_key
 
       private
 
+      def registrar
+        ::OpenIDConnect::Client::Registrar.new(config.registration_endpoint).tap do |registrar|
+          registrar.redirect_uris = *client_options.redirect_uri
+          registrar.client_name = options.client_name
+        end
+      end
+
       def issuer
         resource = "#{client_options.scheme}://#{client_options.host}" + ((client_options.port) ? ":#{client_options.port.to_s}" : '')
         ::OpenIDConnect::Discovery::Provider.discover!(resource).issuer