/** * Displays the OpenID Connect configuration file for this installation. * */ public function openid_configuration() { $mgr = ModuleManager::instance(); header('Content-Type: application/json'); header('Content-Disposition: inline; filename=openid-configuration'); $scopes = $mgr->invokeAll('scopes'); $jwt_signing_algs = AlgorithmFactory::getSupportedAlgs(Algorithm::SIGNATURE_ALGORITHM); $jwt_encryption_algs = AlgorithmFactory::getSupportedAlgs(Algorithm::KEY_ALGORITHM); $jwt_encryption_enc_algs = AlgorithmFactory::getSupportedAlgs(Algorithm::ENCRYPTION_ALGORITHM); $claims_supported = array('sub', 'iss', 'auth_time', 'acr'); foreach ($scopes['oauth'] as $scope => $settings) { if (isset($settings['claims'])) { $claims_supporteds = array_merge($claims_supported, $settings['claims']); } } $token_endpoint_auth_methods_supported = array('client_secret_basic', 'client_secret_post'); $config = array('issuer' => $this->getCanonicalHost(), 'authorization_endpoint' => $this->getCanonicalURL('@oauth_auth', '', 'https'), 'token_endpoint' => $this->getCanonicalURL('@oauth_token', '', 'https'), 'userinfo_endpoint' => $this->getCanonicalURL('@connect_userinfo', '', 'https'), 'jwks_uri' => $this->getCanonicalURL('@connect_jwks', '', 'https'), 'scopes_supported' => array_keys($scopes['oauth']), 'response_types_supported' => array('code', 'token', 'id_token', 'id_token token', 'code token', 'code id_token', 'code id_token token'), 'response_modes_supported' => Response::getResponseModesSupported(), 'grant_types_supported' => array('authorization_code', 'refresh_token'), 'acr_values_supported' => array(), 'subject_types_supported' => array('public', 'pairwise'), 'userinfo_signing_alg_values_supported' => $jwt_signing_algs, 'userinfo_encryption_alg_values_supported' => $jwt_encryption_algs, 'userinfo_encryption_enc_alg_values_supported' => $jwt_encryption_enc_algs, 'id_token_signing_alg_values_supported' => $jwt_signing_algs, 'id_token_encrpytion_alg_values_supported' => $jwt_encryption_algs, 'id_token_encrpytion_enc_alg_values_supported' => $jwt_encryption_enc_algs, 'request_object_signing_alg_values_supported' => array_merge($jwt_signing_algs, array('none')), 'request_object_encryption_alg_values_supported' => $jwt_encryption_algs, 'request_object_encryption_enc_alg_values_supported' => $jwt_encryption_enc_algs, 'token_endpoint_auth_methods_supported' => $token_endpoint_auth_methods_supported, 'claim_types_supported' => array('normal'), 'claims_supported' => $claims_supported, 'claims_parameter_supported' => true, 'request_parameter_supported' => true, 'request_uri_parameter_supported' => true, 'require_request_uri_registration' => false, 'service_documentation' => 'http://simpleid.koinic.net/docs/'); $config = array_merge($config, $mgr->invokeAll('connectConfiguration')); print json_encode($config); }