Merge branch 'main' of https://github.com/go-gitea/gitea into feature…

…-jwt-asymmetric
go-gitea · 6543 · Jun 17, 2021 · May 28, 2021 · May 29, 2021 · May 30, 2021
commit 25a213cc38e4d5394bf0243ff5b99dcfb63f8e5e
diff --git a/routers/web/user/oauth.go b/routers/web/user/oauth.go
@@ -211,6 +211,20 @@ func newAccessTokenResponse(grant *models.OAuth2Grant, signingKey oauth2.JWTSign
 			},
 			Nonce: grant.Nonce,
 		}
+		if grant.ScopeContains("profile") {
+			idToken.Name = app.User.FullName
+			idToken.PreferredUsername = app.User.Name
+			idToken.Profile = app.User.HTMLURL()
+			idToken.Picture = app.User.AvatarLink()
+			idToken.Website = app.User.Website
+			idToken.Locale = app.User.Language
+			idToken.UpdatedAt = app.User.UpdatedUnix
+		}
+		if grant.ScopeContains("email") {
+			idToken.Email = app.User.Email
+			idToken.EmailVerified = app.User.IsActive
+		}
+
 		signedIDToken, err = idToken.SignToken(signingKey)
 		if err != nil {
 			return nil, &AccessTokenError{

diff --git a/templates/user/auth/oidc_wellknown.tmpl b/templates/user/auth/oidc_wellknown.tmpl
@@ -13,5 +13,34 @@
     ],
     "subject_types_supported": [
         "public"
+    ],
+    "scopes_supported": [
+        "openid",
+        "profile",
+        "email"
+    ],
+    "claims_supported": [
+        "aud",
+        "exp",
+        "iat",
+        "iss",
+        "sub",
+        "name",
+        "preferred_username",
+        "profile",
+        "picture",
+        "website",
+        "locale",
+        "updated_at",
+        "email",
+        "email_verified"
+    ],
+    "code_challenge_methods_supported": [
+        "plain",
+        "S256"
+    ],
+    "grant_types_supported": [
+        "authorization_code",
+        "refresh_token"
     ]
 }