Add userinfo oauth endpoint (#32548)

2024-10-30 15:38:10 +01:00 · 2024-10-30 15:38:10 +01:00 · e1b7382ea6
commit e1b7382ea6
parent 0a599d08d8
8 changed files with 112 additions and 12 deletions
--- a/config/initializers/cors.rb
+++ b/config/initializers/cors.rb
@ -23,6 +23,7 @@ Rails.application.config.middleware.insert_before 0, Rack::Cors do
               methods: %i(post put delete get patch options)
      resource '/oauth/token', methods: [:post]
      resource '/oauth/revoke', methods: [:post]
+      resource '/oauth/userinfo', methods: [:get, :post]
    end
  end
 end
--- a/config/routes.rb
+++ b/config/routes.rb
@ -64,6 +64,13 @@ Rails.application.routes.draw do
                tokens: 'oauth/tokens'
  end

+  namespace :oauth do
+    # As this is borrowed from OpenID, the specification says we must also support
+    # POST for the userinfo endpoint:
+    # https://openid.net/specs/openid-connect-core-1_0.html#UserInfo
+    match 'userinfo', via: [:get, :post], to: 'userinfo#show', defaults: { format: 'json' }
+  end
+
  scope path: '.well-known' do
    scope module: :well_known do
      get 'oauth-authorization-server', to: 'oauth_metadata#show', as: :oauth_metadata, defaults: { format: 'json' }