diff --git a/lib/omniauth/strategies/openid_connect.rb b/lib/omniauth/strategies/openid_connect.rb
index e4705c90..2432e029 100644
--- a/lib/omniauth/strategies/openid_connect.rb
+++ b/lib/omniauth/strategies/openid_connect.rb
@@ -16,12 +16,13 @@ class OpenIDConnect
 redirect_uri: nil,
 scheme: "https",
 host: nil,
- port: 443,
+ port: nil,
 authorization_endpoint: "/authorize",
 token_endpoint: "/token",
 userinfo_endpoint: "/userinfo",
 jwks_uri: '/jwk'
 }
+ option :client_name, "a web application via omniauth-openid-connect" # in case of dynamic registration
 option :issuer
 option :discovery, false
 option :client_signing_alg
@@ -74,7 +75,16 @@ class OpenIDConnect
 end

 def client
- @client ||= ::OpenIDConnect::Client.new(client_options)
+ @client ||= \
+ if client_options.identifier.nil?
+ registrar.register!.tap do |client|
+ %i(authorization_endpoint token_endpoint userinfo_endpoint).each do |key|
+ client.send :"#{key}=", client_options[key]
+ end
+ end
+ else
+ ::OpenIDConnect::Client.new(client_options)
+ end
 end

 def config
@@ -82,6 +92,10 @@ def config
 end

 def request_phase
+ if client_options.scheme == "http"
+ WebFinger.url_builder = URI::HTTP
+ SWD.url_builder = URI::HTTP
+ end
 options.issuer = issuer if options.issuer.blank?
 discover! if options.discovery
 redirect authorize_uri
@@ -138,6 +152,13 @@ def public_key

 private

+ def registrar
+ ::OpenIDConnect::Client::Registrar.new(config.registration_endpoint).tap do |registrar|
+ registrar.redirect_uris = *client_options.redirect_uri
+ registrar.client_name = options.client_name
+ end
+ end
+
 def issuer
 resource = "#{client_options.scheme}://#{client_options.host}" + ((client_options.port) ? ":#{client_options.port.to_s}" : '')
 ::OpenIDConnect::Discovery::Provider.discover!(resource).issuer
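Review bot: In the new `client` body, a nil `client_options.identifier` is taken as "do dynamic registration", but a missing client id is also exactly what a misconfigured deployment looks like, and `registrar` is built from `config.registration_endpoint` without checking that the provider advertises one (the body of `config` is outside this hunk, so I cannot see whether it guarantees a non-nil value). I would fail fast before the registration branch: `raise ArgumentError, "client_options.identifier is required unless the provider supports dynamic registration" if client_options.identifier.nil? && config.registration_endpoint.nil?`. It is also worth a comment that the registered client id/secret only live in `@client`, so every process (and every restart) registers a brand-new client at the provider, e.g. `# NOTE: dynamically registered credentials are memoized per strategy instance only; each process re-registers`.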
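Review bot: The `WebFinger.url_builder = URI::HTTP` / `SWD.url_builder = URI::HTTP` assignments added at the top of `request_phase` mutate class-level state of the discovery libraries and are never restored, so once a single request goes through a strategy configured with `scheme: "http"`, every later WebFinger/SWD discovery in the process, including for providers configured with https, is performed over plaintext. Discovery is what tells the client where the authorization, token and JWKS endpoints are, so an on-path attacker on that plaintext hop can substitute endpoints and capture codes and client credentials. If the http scheme is genuinely only for local development, the hunk should say so and confine the change: at minimum add `# DEV ONLY: url_builder is process-global, so this downgrades discovery to plaintext for every strategy in this process` above the `if`, and consider moving the assignment out of the per-request path (e.g. into strategy setup) and refusing `scheme: "http"` unless an explicit opt-in option is set. I cannot tell from this hunk whether the libraries offer a per-instance builder; if they do, that is the right fix instead.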
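Review bot: `registrar.redirect_uris = *client_options.redirect_uri` silently turns the default `redirect_uri: nil` (set in this same diff) into an empty array, so a strategy that reaches dynamic registration without a configured redirect URI sends the provider a registration request with no `redirect_uris` at all, and whatever the provider does with that (reject, or register something it chooses) is not visible to the caller. I would make that an explicit error in `registrar`: `raise ArgumentError, "client_options.redirect_uri is required for dynamic registration" if client_options.redirect_uri.nil?` before the `tap`. A one-line comment on `client_name` saying it is the name shown to end users on the provider's consent screen would also help, since the only hint today is the `# in case of dynamic registration` remark on the option.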