0811 ljc 新增.well-known/openid-configuration接口

modules/module-system-biz/src/main/java/cd/casic/module/system/controller/admin/oauth2/OAuth2OpenController.java

@@ -287,6 +287,132 @@ public class OAuth2OpenController {
         return success(getImplicitGrantRedirect(getLoginUserId(), client, approveScopes, redirectUri, state));
     }
 
+
+
+    @GetMapping("/.well-known/openid-configuration")
+    @PermitAll
+    @Operation(summary = "OpenID Connect 发现配置端点")
+    public CommonResult<Map<String, Object>> getOpenIdConfiguration(HttpServletRequest request) {
+        Map<String, Object> configuration = new HashMap<>();
+
+        // 获取基础URL
+        String baseUrl = "http://175.6.27.252:8081";
+
+        // issuer
+        configuration.put("issuer", baseUrl);
+
+        // 授权端点
+        configuration.put("authorization_endpoint", baseUrl + "/system/oauth2/authorize");
+
+        // Token端点
+        configuration.put("token_endpoint", baseUrl + "/system/oauth2/token");
+
+        // 用户信息端点
+        configuration.put("userinfo_endpoint", baseUrl + "/system/oauth2/userinfo");
+
+        // JWKS端点
+        configuration.put("jwks_uri", baseUrl + "/system/oauth2/jwks");
+
+        // 结束会话端点
+        configuration.put("end_session_endpoint", baseUrl + "/system/logout");
+
+        // 支持的响应类型
+        configuration.put("response_types_supported", Arrays.asList(
+                "code",
+                "token",
+                "id_token",
+                "id_token token",
+                "code id_token",
+                "code token",
+                "code id_token token"
+        ));
+
+        // 支持的授权类型
+        configuration.put("grant_types_supported", Arrays.asList(
+                "authorization_code",
+                "refresh_token",
+                "client_credentials",
+                "password"
+        ));
+
+        // 支持的主题类型
+        configuration.put("subject_types_supported", Arrays.asList("public"));
+
+        // ID Token签名算法
+        configuration.put("id_token_signing_alg_values_supported", Arrays.asList("RS256"));
+
+        // 支持的范围
+        configuration.put("scopes_supported", Arrays.asList(
+                "openid",
+                "profile",
+                "email",
+                "address",
+                "phone"
+        ));
+
+        // Token端点认证方法
+        configuration.put("token_endpoint_auth_methods_supported", Arrays.asList(
+                "client_secret_basic",
+                "client_secret_post",
+                "client_secret_jwt",
+                "private_key_jwt"
+        ));
+
+        // 支持的声明
+        configuration.put("claims_supported", Arrays.asList(
+                "sub",
+                "iss",
+                "aud",
+                "exp",
+                "iat",
+                "auth_time",
+                "name",
+                "given_name",
+                "family_name",
+                "email",
+                "preferred_username"
+        ));
+
+        // 请求参数支持
+        configuration.put("request_parameter_supported", false);
+
+        // 请求URI支持
+        configuration.put("request_uri_parameter_supported", true);
+
+        // 需要请求URI注册
+        configuration.put("require_request_uri_registration", false);
+
+        // 代码挑战方法支持
+        configuration.put("code_challenge_methods_supported", Arrays.asList("plain", "S256"));
+
+        return CommonResult.success(configuration);
+    }
+
+
+    /**
+     * 获取基础URL
+     */
+    private String getBaseUrl(HttpServletRequest request) {
+        String scheme = request.getScheme();
+        String serverName = request.getServerName();
+        int serverPort = request.getServerPort();
+        String contextPath = request.getContextPath();
+
+        StringBuilder url = new StringBuilder();
+        url.append(scheme).append("://").append(serverName);
+
+        if ((scheme.equals("http") && serverPort != 80) ||
+                (scheme.equals("https") && serverPort != 443)) {
+            url.append(":").append(serverPort);
+        }
+
+        url.append(contextPath);
+
+        return url.toString();
+    }
+
+
+
     /**
      * 根据 response_type 获取对应的授权类型
      *

modules/module-system-biz/src/main/java/cd/casic/module/system/controller/admin/oauth2/configuration/OpenIdConfiguration.java

@@ -0,0 +1,57 @@
+package cd.casic.module.system.controller.admin.oauth2.configuration;
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+import lombok.Data;
+
+import java.util.List;
+
+/**
+ * @ClassName OpenIdConfiguration
+ * @Author hopeli
+ * @Date 2025/8/11 09:52
+ * @Version 1.0
+ */
+@Data
+public class OpenIdConfiguration {
+    @JsonProperty("issuer")
+    private String issuer;
+
+    @JsonProperty("authorization_endpoint")
+    private String authorizationEndpoint;
+
+    @JsonProperty("token_endpoint")
+    private String tokenEndpoint;
+
+    @JsonProperty("userinfo_endpoint")
+    private String userinfoEndpoint;
+
+    @JsonProperty("jwks_uri")
+    private String jwksUri;
+
+    @JsonProperty("end_session_endpoint")
+    private String endSessionEndpoint;
+
+    @JsonProperty("response_types_supported")
+    private List<String> responseTypesSupported;
+
+    @JsonProperty("subject_types_supported")
+    private List<String> subjectTypesSupported;
+
+    @JsonProperty("id_token_signing_alg_values_supported")
+    private List<String> idTokenSigningAlgValuesSupported;
+
+    @JsonProperty("scopes_supported")
+    private List<String> scopesSupported;
+
+    @JsonProperty("token_endpoint_auth_methods_supported")
+    private List<String> tokenEndpointAuthMethodsSupported;
+
+    @JsonProperty("claims_supported")
+    private List<String> claimsSupported;
+
+    @JsonProperty("grant_types_supported")
+    private List<String> grantTypesSupported;
+
+    @JsonProperty("code_challenge_methods_supported")
+    private List<String> codeChallengeMethodsSupported;
+}