From 86ccda6c51af826aec96af7feb5deff4013b55d6 Mon Sep 17 00:00:00 2001
From: cmrd Senya
Date: Sat, 3 Sep 2016 02:25:30 +0300
Subject: [PATCH] Support Dynamic Client Registration

Adds support for Dynamic Client Registration (see https://openid.net/specs/openid-connect-registration-1_0.html). Dynamic Client Registration is initiated when no identifier was supplied among the client_options. Also, this includes changes for the better handling of "http" schema (useful in testing).
---
 lib/omniauth/strategies/openid_connect.rb | 25 +++++++++++++++++++++--
 1 file changed, 23 insertions(+), 2 deletions(-)
diff --git a/lib/omniauth/strategies/openid_connect.rb b/lib/omniauth/strategies/openid_connect.rb
index e4705c90..2432e029 100644
--- a/lib/omniauth/strategies/openid_connect.rb
+++ b/lib/omniauth/strategies/openid_connect.rb
@@ -16,12 +16,13 @@ class OpenIDConnect
 redirect_uri: nil,
 scheme: "https",
 host: nil,
- port: 443,
+ port: nil,
 authorization_endpoint: "/authorize",
 token_endpoint: "/token",
 userinfo_endpoint: "/userinfo",
 jwks_uri: '/jwk'
 }
+ option :client_name, "a web application via omniauth-openid-connect" # in case of dynamic registration
 option :issuer
 option :discovery, false
 option :client_signing_alg
@@ -74,7 +75,16 @@ class OpenIDConnect
 end
 def client
- @client ||= ::OpenIDConnect::Client.new(client_options)
+ @client ||= \
+ if client_options.identifier.nil?
+ registrar.register!.tap do |client|
+ %i(authorization_endpoint token_endpoint userinfo_endpoint).each do |key|
+ client.send :"#{key}=", client_options[key]
+ end
+ end
+ else
+ ::OpenIDConnect::Client.new(client_options)
+ end
 end
 def config
@@ -82,6 +92,10 @@ def config
 end
 def request_phase
+ if client_options.scheme == "http"
+ WebFinger.url_builder = URI::HTTP
+ SWD.url_builder = URI::HTTP
+ end
 options.issuer = issuer if options.issuer.blank?
 discover! if options.discovery
 redirect authorize_uri
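Review bot: The registration branch in `client` calls `registrar.register!` whenever `client_options.identifier` is nil, but the issued identifier and secret are kept only in `@client`, which lives no longer than this strategy instance. If the strategy is instantiated per request (the usual OmniAuth behaviour, not visible in this hunk), every hit on the request path would register a new client at the provider, and the callback would run under a different registration than the one that started the flow. Persisting the issued credentials outside the instance, for example in a cache keyed by issuer, and registering only when none are stored would avoid the mismatch and keep unauthenticated traffic from driving unbounded registrations. A comment above the branch would also help, e.g. `# no identifier configured: register dynamically; endpoints are copied from client_options`.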
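Review bot: `WebFinger.url_builder = URI::HTTP` and `SWD.url_builder = URI::HTTP` at the top of `request_phase` assign module-level settings, so a single provider configured with scheme "http" appears to switch discovery to plain HTTP for every strategy in the process, and nothing here restores the default afterwards. Discovery responses supply the issuer, the endpoints and the key location, so fetching them without TLS removes the integrity protection the rest of the flow relies on. Since the commit message says this is for testing, I would keep the override out of the request path (set it once in test setup) or refuse it outside a test or development environment, and mark it with a comment such as `# test-only: plain-HTTP discovery, process-wide side effect`. `request_phase` continues past the end of this hunk.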
@@ -138,6 +152,13 @@ def public_key
 private
+ def registrar
+ ::OpenIDConnect::Client::Registrar.new(config.registration_endpoint).tap do |registrar|
+ registrar.redirect_uris = *client_options.redirect_uri
+ registrar.client_name = options.client_name
+ end
+ end
+
 def issuer
 resource = "#{client_options.scheme}://#{client_options.host}" + ((client_options.port) ? ":#{client_options.port.to_s}" : '')
 ::OpenIDConnect::Discovery::Provider.discover!(resource).issuer
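Review bot: `registrar` hands `config.registration_endpoint` and `*client_options.redirect_uri` to the registrar unchecked, and both can be empty: `registration_endpoint` is optional provider metadata, and `redirect_uri` defaults to nil in `client_options`, where the splat yields `[]`. A guard before building the registrar, e.g. `raise ArgumentError, "provider advertises no registration_endpoint" if config.registration_endpoint.blank?`, would give a clear failure instead of whatever the registrar raises later. It is also worth requiring an https registration endpoint unless the http scheme was explicitly configured, since the registration response carries the newly issued client secret. `issuer` below is context and its body continues outside the hunk.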