From 546260b2f9915421de7945e84cfc1e72d7e4a658 Mon Sep 17 00:00:00 2001
From: Hope Li <1278288511@qq.com>
Date: Mon, 11 Aug 2025 10:48:08 +0800
Subject: [PATCH] =?UTF-8?q?0811=20=20=20ljc=20=20=20=E6=96=B0=E5=A2=9E.wel?= =?UTF-8?q?l-known/openid-configuration=E6=8E=A5=E5=8F=A3?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../admin/oauth2/OAuth2OpenController.java | 126 ++++++++++++++++++
 .../configuration/OpenIdConfiguration.java | 57 ++++++++
 2 files changed, 183 insertions(+)
 create mode 100644 modules/module-system-biz/src/main/java/cd/casic/module/system/controller/admin/oauth2/configuration/OpenIdConfiguration.java
diff --git a/modules/module-system-biz/src/main/java/cd/casic/module/system/controller/admin/oauth2/OAuth2OpenController.java b/modules/module-system-biz/src/main/java/cd/casic/module/system/controller/admin/oauth2/OAuth2OpenController.java
index bb257d3c..69c2dede 100644
--- a/modules/module-system-biz/src/main/java/cd/casic/module/system/controller/admin/oauth2/OAuth2OpenController.java
+++ b/modules/module-system-biz/src/main/java/cd/casic/module/system/controller/admin/oauth2/OAuth2OpenController.java
@@ -287,6 +287,132 @@ public class OAuth2OpenController { return success(getImplicitGrantRedirect(getLoginUserId(), client, approveScopes, redirectUri, state)); } + + + @GetMapping("/.well-known/openid-configuration") + @PermitAll + @Operation(summary = "OpenID Connect 发现配置端点") + public CommonResult> getOpenIdConfiguration(HttpServletRequest request) { + Map configuration = new HashMap<>(); + + // 获取基础URL + String baseUrl = "http://175.6.27.252:8081"; + + // issuer + configuration.put("issuer", baseUrl); + + // 授权端点 + configuration.put("authorization_endpoint", baseUrl + "/system/oauth2/authorize"); + + // Token端点 + configuration.put("token_endpoint", baseUrl + "/system/oauth2/token"); + + // 用户信息端点 + configuration.put("userinfo_endpoint", baseUrl + "/system/oauth2/userinfo"); + + // JWKS端点 + configuration.put("jwks_uri", baseUrl + "/system/oauth2/jwks"); + + // 结束会话端点 + configuration.put("end_session_endpoint", baseUrl + "/system/logout"); + + // 支持的响应类型 + configuration.put("response_types_supported", Arrays.asList( + "code", + "token", + "id_token", + "id_token token", + "code id_token", + "code token", + "code id_token token" + )); + + // 支持的授权类型 + configuration.put("grant_types_supported", Arrays.asList( + "authorization_code", + "refresh_token", + "client_credentials", + "password" + )); + + // 支持的主题类型 + configuration.put("subject_types_supported", Arrays.asList("public")); + + // ID Token签名算法 + configuration.put("id_token_signing_alg_values_supported", Arrays.asList("RS256")); + + // 支持的范围 + configuration.put("scopes_supported", Arrays.asList( + "openid", + "profile", + "email", + "address", + "phone" + )); + + // Token端点认证方法 + configuration.put("token_endpoint_auth_methods_supported", Arrays.asList( + "client_secret_basic", + "client_secret_post", + "client_secret_jwt", + "private_key_jwt" + )); + + // 支持的声明 + configuration.put("claims_supported", Arrays.asList( + "sub", + "iss", + "aud", + "exp", + "iat", + "auth_time", + "name", + "given_name", + 
"family_name", + "email", + "preferred_username" + )); + + // 请求参数支持 + configuration.put("request_parameter_supported", false); + + // 请求URI支持 + configuration.put("request_uri_parameter_supported", true); + + // 需要请求URI注册 + configuration.put("require_request_uri_registration", false); + + // 代码挑战方法支持 + configuration.put("code_challenge_methods_supported", Arrays.asList("plain", "S256")); + + return CommonResult.success(configuration); + } + + + /** + * 获取基础URL + */ + private String getBaseUrl(HttpServletRequest request) { + String scheme = request.getScheme(); + String serverName = request.getServerName(); + int serverPort = request.getServerPort(); + String contextPath = request.getContextPath(); + + StringBuilder url = new StringBuilder(); + url.append(scheme).append("://").append(serverName); + + if ((scheme.equals("http") && serverPort != 80) || + (scheme.equals("https") && serverPort != 443)) { + url.append(":").append(serverPort); + } + + url.append(contextPath); + + return url.toString(); + } + + + /** * 根据 response_type 获取对应的授权类型 * diff --git a/modules/module-system-biz/src/main/java/cd/casic/module/system/controller/admin/oauth2/configuration/OpenIdConfiguration.java b/modules/module-system-biz/src/main/java/cd/casic/module/system/controller/admin/oauth2/configuration/OpenIdConfiguration.java new file mode 100644 index 00000000..4bca3ec2 --- /dev/null +++ b/modules/module-system-biz/src/main/java/cd/casic/module/system/controller/admin/oauth2/configuration/OpenIdConfiguration.java 
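Review bot: `getOpenIdConfiguration` publishes a hard-coded `String baseUrl = "http://175.6.27.252:8081";` as the issuer and as the prefix of every endpoint, while the `getBaseUrl(request)` helper added further down is never called and the `request` parameter goes unused. Relying parties that trust this document would send authorization codes, client secrets and tokens to a cleartext address, and OpenID Connect Discovery requires the issuer to be an `https` URL that matches the `iss` value in issued tokens. Take the issuer from deployment configuration instead, e.g. `String baseUrl = issuerUrl;` with `issuerUrl` an injected setting (placeholder name); deriving it per request is the weaker option because `getServerName()` reflects the client-supplied Host header unless a proxy pins it. The advertised capabilities also need checking against what the server enforces: `"plain"` in `code_challenge_methods_supported`, the `"password"` grant, the implicit response types, `private_key_jwt` and `request_uri_parameter_supported` set to `true` are not shown as implemented anywhere in this hunk, so list only what is actually supported, for instance `Arrays.asList("S256")` for PKCE. The enclosing controller class starts outside the hunk, so the effective path of the new mapping, and whether `CommonResult` wraps the metadata in an envelope that standard clients will not parse, cannot be confirmed from here.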
@@ -0,0 +1,57 @@
+package cd.casic.module.system.controller.admin.oauth2.configuration;
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+import lombok.Data;
+
+import java.util.List;
+
+/**
+ * @ClassName OpenIdConfiguration
+ * @Author hopeli
+ * @Date 2025/8/11 09:52
+ * @Version 1.0
+ */
+@Data
+public class OpenIdConfiguration {
+ @JsonProperty("issuer")
+ private String issuer;
+
+ @JsonProperty("authorization_endpoint")
+ private String authorizationEndpoint;
+
+ @JsonProperty("token_endpoint")
+ private String tokenEndpoint;
+
+ @JsonProperty("userinfo_endpoint")
+ private String userinfoEndpoint;
+
+ @JsonProperty("jwks_uri")
+ private String jwksUri;
+
+ @JsonProperty("end_session_endpoint")
+ private String endSessionEndpoint;
+
+ @JsonProperty("response_types_supported")
+ private List responseTypesSupported;
+
+ @JsonProperty("subject_types_supported")
+ private List subjectTypesSupported;
+
+ @JsonProperty("id_token_signing_alg_values_supported")
+ private List idTokenSigningAlgValuesSupported;
+
+ @JsonProperty("scopes_supported")
+ private List scopesSupported;
+
+ @JsonProperty("token_endpoint_auth_methods_supported")
+ private List tokenEndpointAuthMethodsSupported;
+
+ @JsonProperty("claims_supported")
+ private List claimsSupported;
+
+ @JsonProperty("grant_types_supported")
+ private List grantTypesSupported;
+
+ @JsonProperty("code_challenge_methods_supported")
+ private List codeChallengeMethodsSupported;
+}
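Review bot: `OpenIdConfiguration` is added but nothing in this commit uses it; `getOpenIdConfiguration` in `OAuth2OpenController` builds an untyped `Map` instead, and that map carries `request_parameter_supported`, `request_uri_parameter_supported` and `require_request_uri_registration`, for which this class has no fields. Two parallel descriptions of the same metadata will drift, which matters for a document that relying parties trust to locate the token and JWKS endpoints. Either return this type from the endpoint after adding the three missing fields, or drop the class. The header comment holds only author and date tags, so it should also say what the class represents, e.g. `/** OpenID Connect discovery metadata served at /.well-known/openid-configuration. */`.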