oauth2: Don't show registration_endpoint if undefined

Signed-off-by: Shota Sawada <[email protected]>
ory · May 23, 2019 · 0326ae6 · 0326ae6
1 parent 7100973
commit 0326ae6
Show file tree

Hide file tree

Showing 4 changed files with 18 additions and 6 deletions.
diff --git a/driver/configuration/provider_viper.go b/driver/configuration/provider_viper.go
@@ -352,7 +352,7 @@ func (v *ViperProvider) OAuth2AuthURL() string {
 }
 
 func (v *ViperProvider) OAuth2ClientRegistrationURL() *url.URL {
-	return urlRoot(urlx.ParseOrFatal(v.l, viperx.GetString(v.l, ViperKeyOAuth2ClientRegistrationURL, "", "OAUTH2_CLIENT_REGISTRATION_URL")))
+	return urlx.ParseOrFatal(v.l, viperx.GetString(v.l, ViperKeyOAuth2ClientRegistrationURL, "", "OAUTH2_CLIENT_REGISTRATION_URL"))
 }
 
 func (v *ViperProvider) AllowTLSTerminationFrom() []string {

diff --git a/oauth2/doc.go b/oauth2/doc.go
@@ -45,7 +45,7 @@ type WellKnown struct {
 
 	// URL of the OP's Dynamic Client Registration Endpoint.
 	// example: https://playground.ory.sh/ory-hydra/admin/client
-	RegistrationEndpoint string `json:"registration_endpoint,omitempty"`
+	RegistrationEndpoint *string `json:"registration_endpoint,omitempty"`
 
 	// URL of the OP's OAuth 2.0 Token Endpoint
 	//

diff --git a/oauth2/handler.go b/oauth2/handler.go
@@ -215,13 +215,12 @@ func (h *Handler) LogoutHandler(w http.ResponseWriter, r *http.Request, ps httpr
 //       401: genericError
 //       500: genericError
 func (h *Handler) WellKnownHandler(w http.ResponseWriter, r *http.Request) {
-	h.r.Writer().Write(w, r, &WellKnown{
+	wk := &WellKnown{
 		Issuer:                             strings.TrimRight(h.c.IssuerURL().String(), "/") + "/",
 		AuthURL:                            urlx.AppendPaths(h.c.IssuerURL(), AuthPath).String(),
 		TokenURL:                           urlx.AppendPaths(h.c.IssuerURL(), TokenPath).String(),
 		JWKsURI:                            urlx.AppendPaths(h.c.IssuerURL(), JWKPath).String(),
 		RevocationEndpoint:                 urlx.AppendPaths(h.c.IssuerURL(), RevocationPath).String(),
-		RegistrationEndpoint:               h.c.OAuth2ClientRegistrationURL().String(),
 		SubjectTypes:                       h.c.SubjectTypesSupported(),
 		ResponseTypes:                      []string{"code", "code id_token", "id_token", "token id_token", "token", "token id_token code"},
 		ClaimsSupported:                    h.c.OIDCDiscoverySupportedClaims(),
@@ -240,7 +239,13 @@ func (h *Handler) WellKnownHandler(w http.ResponseWriter, r *http.Request) {
 		FrontChannelLogoutSupported:        true,
 		FrontChannelLogoutSessionSupported: true,
 		EndSessionEndpoint:                 urlx.AppendPaths(h.c.IssuerURL(), LogoutPath).String(),
-	})
+	}
+
+	if h.c.OAuth2ClientRegistrationURL().Path != "" {
+		wk.RegistrationEndpoint = stringPointer(h.c.OAuth2ClientRegistrationURL().String())
+	}
+
+	h.r.Writer().Write(w, r, wk)
 }
 
 // swagger:route GET /userinfo public userinfo
@@ -714,3 +719,7 @@ func (h *Handler) forwardError(w http.ResponseWriter, r *http.Request, err error
 // This function will not be called, OPTIONS request will be handled by cors
 // this is just a placeholder.
 func (h *Handler) handleOptions(w http.ResponseWriter, r *http.Request) {}
+
+func stringPointer(s string) *string {
+	return &s
+}
diff --git a/oauth2/handler_test.go b/oauth2/handler_test.go
@@ -389,13 +389,15 @@ func TestHandlerWellKnown(t *testing.T) {
 	require.NoError(t, err)
 	defer res.Body.Close()
 
+	registrationEndpoint := conf.OAuth2ClientRegistrationURL().String()
+
 	trueConfig := oauth2.WellKnown{
 		Issuer:                             strings.TrimRight(conf.IssuerURL().String(), "/") + "/",
 		AuthURL:                            urlx.AppendPaths(conf.IssuerURL(), oauth2.AuthPath).String(),
 		TokenURL:                           urlx.AppendPaths(conf.IssuerURL(), oauth2.TokenPath).String(),
 		JWKsURI:                            urlx.AppendPaths(conf.IssuerURL(), oauth2.JWKPath).String(),
 		RevocationEndpoint:                 urlx.AppendPaths(conf.IssuerURL(), oauth2.RevocationPath).String(),
-		RegistrationEndpoint:               conf.OAuth2ClientRegistrationURL().String(),
+		RegistrationEndpoint:               &registrationEndpoint,
 		SubjectTypes:                       []string{"pairwise", "public"},
 		ResponseTypes:                      []string{"code", "code id_token", "id_token", "token id_token", "token", "token id_token code"},
 		ClaimsSupported:                    conf.OIDCDiscoverySupportedClaims(),
@@ -415,6 +417,7 @@ func TestHandlerWellKnown(t *testing.T) {
 		FrontChannelLogoutSessionSupported: true,
 		EndSessionEndpoint:                 urlx.AppendPaths(conf.IssuerURL(), oauth2.LogoutPath).String(),
 	}
+
 	var wellKnownResp oauth2.WellKnown
 	err = json.NewDecoder(res.Body).Decode(&wellKnownResp)
 	require.NoError(t, err, "problem decoding wellknown json response: %+v", err)