
RFC 8414 OAuth 2.0 Authorization Server Metadata Support #12

Merged Oct 29, 2024 (1 commit)

@vamsii777 vamsii777 commented Oct 29, 2024

This PR introduces support for RFC 8414 Authorization Server Metadata, allowing OAuth clients to auto-discover server configurations.

Breaking Changes

1. OAuth2 Initialization Changes

The OAuth2 initializer now requires an issuer parameter and optionally supports jwksEndpoint for a custom JWKS URL.

  • Old:
    OAuth2(codeManager: codeManager, tokenManager: tokenManager, ...)
  • New (Breaking):
    OAuth2(
        issuer: "https://auth.example.com", // Required
        jwksEndpoint: "https://auth.example.com/.well-known/jwks.json", // Optional
        codeManager: codeManager,
        tokenManager: tokenManager,
        ...
    )

    Note: If jwksEndpoint is not provided, it defaults to {issuer}/.well-known/jwks.json. Ensure compliance with RFC 8414 if relying on the default endpoint.

2. New Required Endpoints

  • Adds /.well-known/oauth-authorization-server endpoint, returning metadata per RFC 8414 with cache control headers.

New Features

1. Server Metadata Support

  • Automatic metadata generation based on server configuration.
  • Full support for RFC 8414 required fields.
  • ServerMetadataProvider protocol for customized metadata handling.

2. Metadata Customization

  • Customize metadata by implementing ServerMetadataProvider:

    protocol ServerMetadataProvider: Sendable {
        func getMetadata() async throws -> OAuthServerMetadata
    }

    Example:

    struct CustomMetadataProvider: ServerMetadataProvider {
        func getMetadata() async throws -> OAuthServerMetadata {
            // Return custom metadata
        }
    }

Migration Guide

  1. Update OAuth2 Initialization to include the required issuer.

    let oauth = OAuth2(
        issuer: "https://auth.example.com",
        tokenManager: myTokenManager,
        clientRetriever: myClientRetriever,
        oAuthHelper: myOAuthHelper
    )
  2. Optionally provide jwksEndpoint if using a custom JWKS endpoint.

    let oauth = OAuth2(
        issuer: "https://auth.example.com",
        jwksEndpoint: "https://custom.example.com/keys",
        ...
    )
  3. Implement custom metadata with ServerMetadataProvider if needed:

    let oauth = OAuth2(
        issuer: "https://auth.example.com",
        ...
        metadataProvider: CustomMetadataProvider()
    )

Closes #11

This commit introduces a new endpoint at /.well-known/oauth-authorization-server to expose OAuth 2.0 server metadata conforming to RFC 8414. The endpoint provides information about the server's configuration, including supported grant types, response types, scopes, and endpoints. This allows clients to dynamically discover the server's capabilities and adapt their interactions accordingly.

The metadata endpoint implementation includes:

- Required fields per RFC 8414
- Recommended fields with appropriate default values
- Optional fields with configurable presence based on feature support
- Custom metadata provider for overriding default values
- Error handling for invalid requests

The endpoint also includes proper HTTP headers to ensure cache control and content type compliance.

Closes #11
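The other side of the endpoint this PR adds is the client that discovers it. The following is an added example, written in Python and not part of this PR or the project's code: it builds the well-known URL the way RFC 8414 section 3 prescribes (suffix inserted between host and issuer path, not appended) and checks a metadata document for the fields section 2 requires and for the section 3.3 rule that the `issuer` inside the document must equal the issuer the client started from. The sample metadata document and its hostnames are constructed placeholders.

```python
import json
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/oauth-authorization-server"


def well_known_url(issuer: str) -> str:
    """RFC 8414 section 3: insert the well-known suffix between the host and
    the issuer's path component (it is not appended to the path)."""
    parts = urlsplit(issuer)
    if parts.scheme != "https" or parts.query or parts.fragment:
        raise ValueError("issuer must be an https URL without query or fragment")
    return f"https://{parts.netloc}{WELL_KNOWN}{parts.path.rstrip('/')}"


def validate_metadata(raw: str, expected_issuer: str) -> list[str]:
    """Return the problems found; an empty list means the document is usable.
    Covers the fields RFC 8414 section 2 marks REQUIRED and the section 3.3
    rule that the document's issuer must equal the one used to build the URL,
    which is what stops a client from accepting metadata served for another
    issuer (mix-up attacks)."""
    doc = json.loads(raw)
    errors = []
    for field in ("issuer", "response_types_supported"):
        if field not in doc:
            errors.append(f"missing required field: {field}")
    if doc.get("issuer") != expected_issuer:
        errors.append(f"issuer mismatch: {doc.get('issuer')!r} != {expected_issuer!r}")
    # RFC 8414 default when grant_types_supported is omitted
    grants = set(doc.get("grant_types_supported", ["authorization_code", "implicit"]))
    if grants & {"authorization_code", "implicit"} and "authorization_endpoint" not in doc:
        errors.append("authorization_endpoint required for the advertised grant types")
    if grants != {"implicit"} and "token_endpoint" not in doc:
        errors.append("token_endpoint required unless only the implicit grant is supported")
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri", "registration_endpoint"):
        if key in doc and urlsplit(doc[key]).scheme != "https":
            errors.append(f"{key} must use https")
    return errors


# Constructed sample document (placeholder host) shaped like the response the
# endpoint added in this PR would return for the issuer used in its examples.
SAMPLE_METADATA = json.dumps({
    "issuer": "https://auth.example.com",
    "authorization_endpoint": "https://auth.example.com/oauth/authorize",
    "token_endpoint": "https://auth.example.com/oauth/token",
    "jwks_uri": "https://auth.example.com/.well-known/jwks.json",
    "response_types_supported": ["code"],
    "grant_types_supported": ["authorization_code", "refresh_token"],
})
```

Note that the jwks_uri advertised in the document is what a client should use to fetch keys; the `{issuer}/.well-known/jwks.json` default in this PR is a server-side convention, not a location RFC 8414 itself fixes.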
@vamsii777 vamsii777 changed the title from "Implement RFC 8414 compliant Authorization Server Metadata endpoint" to "RFC 8414 OAuth 2.0 Authorization Server Metadata Support" Oct 29, 2024
@vamsii777 vamsii777 merged commit 7f40245 into 1.x.x Oct 29, 2024
2 checks passed
@vamsii777 vamsii777 deleted the serv/metadata branch October 29, 2024 21:57
Linked issue closed by this pull request: Implement OAuth 2.0 Authorization Server Metadata Endpoint per RFC 8414