Cleanup Auth Controller

src/Server/Controllers/OAuth.cs

@@ -4,15 +4,18 @@ using System.Web.Http;
 using Auth.Entities;
 using System.Text;
 using System.Security.Cryptography;
+using Microsoft.IdentityModel.Tokens;
 
 namespace Auth.Controllers {
     [ApiController]
     [Route("api/oauth/")]
     public class OAuthController : MistoxControllerBase {
 
-        public OAuthController(DatabaseService db) : base(db) {}
+        public OAuthController(DatabaseService db) : base(db) { }
 
-         private string GenerateCodeChallenge(string codeVerifier) {
+        /*
+
+        private string GenerateCodeChallenge(string codeVerifier) {
             using var sha256 = SHA256.Create();
             var bytes = sha256.ComputeHash(Encoding.ASCII.GetBytes(codeVerifier));
             return Base64UrlEncode(bytes);
@@ -25,10 +28,16 @@ namespace Auth.Controllers {
                 .Replace('/', '_');
         }
 
-        [HttpGet("/authorize")]
+        [HttpGet("authorize")]
         public async Task<ActionResult> Authorize([FromQuery] AuthorizationRequest request) {
             try {
 
+                if (request.ResponseType != "code") {
+                    return BadRequest("unsupported_code_type");
+                }
+
+                string RequestingApp = request.ClientId;
+
                 // Verify login
                 // create guid
                 // set guid to account
@@ -41,7 +50,7 @@ namespace Auth.Controllers {
             }
         }
 
-        [HttpPost("/token")]
+        [HttpPost("token")]
         public async Task<ActionResult> Token([FromForm] TokenRequest request) {
             try {
 
@@ -89,12 +98,74 @@ namespace Auth.Controllers {
                     expires_in = 3600,
                     refresh_token = refreshToken
                 });
-                
+
             } catch (Exception ex) {
                 Console.WriteLine("Delete Error: " + ex.Message);
                 return NotFound("An internal server error has occured");
             }
         }
 
+        [HttpGet("/userinfo")]
+        public async Task<IActionResult> UserInfo() {
+            Account user = await getLoggedInUser();
+            if (user == null) {
+                return Unauthorized();
+            }
+
+            var claims = new {
+                sub = user.ID,
+                preferred_username = user.UserName,
+                email = user.Email,
+                email_verified = user.EmailVerified
+            };
+
+            return Ok(claims);
+        }
+
+        [HttpGet("/.well-known/openid-configuration")]
+        public IActionResult OpenIdConfiguration() {
+            var issuer = "https://your-auth-server.com";
+
+            var config = new {
+                issuer = issuer,
+                authorization_endpoint = $"{issuer}/authorize",
+                token_endpoint = $"{issuer}/token",
+                userinfo_endpoint = $"{issuer}/userinfo",
+                jwks_uri = $"{issuer}/.well-known/jwks.json",
+                response_types_supported = new[] { "code", "token", "id_token", "code id_token" },
+                subject_types_supported = new[] { "public" },
+                id_token_signing_alg_values_supported = new[] { "RS256" },
+                scopes_supported = new[] { "openid", "profile", "email" },
+                token_endpoint_auth_methods_supported = new[] { "client_secret_basic", "private_key_jwt" },
+                claims_supported = new[] { "sub", "name", "preferred_username", "email", "email_verified" }
+            };
+
+            return Ok(config);
+        }
+
+        [HttpGet("/.well-known/jwks.json")]
+        public IActionResult GetJwks() {
+            var key = new RsaSecurityKey(rsa) {
+                KeyId = "my-key-id-123" // a unique key ID, important for clients
+            };
+
+            var parameters = key.Rsa.ExportParameters(false); // export public key only
+
+            var jwk = new JsonWebKey {
+                Kid = key.KeyId,
+                Kty = "RSA",
+                Use = "sig",      // signing
+                Alg = SecurityAlgorithms.RsaSha256,
+                N = Base64UrlEncoder.Encode(parameters.Modulus),
+                E = Base64UrlEncoder.Encode(parameters.Exponent)
+            };
+
+            var jwks = new { keys = new[] { jwk } };
+
+            return Ok(jwks);
+        }
+
+        */
+
     }
 }