From 0326ae66d09ea03106126138046491a3cf1f5725 Mon Sep 17 00:00:00 2001
From: Shota Sawada
Date: Thu, 23 May 2019 12:08:54 +0900
Subject: [PATCH] oauth2: Don't show registration_endpoint if undefined

Signed-off-by: Shota Sawada
---
 driver/configuration/provider_viper.go | 2 +-
 oauth2/doc.go | 2 +-
 oauth2/handler.go | 15 ++++++++++++---
 oauth2/handler_test.go | 5 ++++-
 4 files changed, 18 insertions(+), 6 deletions(-)

diff --git a/driver/configuration/provider_viper.go b/driver/configuration/provider_viper.go
index 7a5d2d0e426..7606d1dcc4f 100644
--- a/driver/configuration/provider_viper.go
+++ b/driver/configuration/provider_viper.go
@@ -352,7 +352,7 @@ func (v *ViperProvider) OAuth2AuthURL() string {
 }
 
 func (v *ViperProvider) OAuth2ClientRegistrationURL() *url.URL {
- return urlRoot(urlx.ParseOrFatal(v.l, viperx.GetString(v.l, ViperKeyOAuth2ClientRegistrationURL, "", "OAUTH2_CLIENT_REGISTRATION_URL")))
+ return urlx.ParseOrFatal(v.l, viperx.GetString(v.l, ViperKeyOAuth2ClientRegistrationURL, "", "OAUTH2_CLIENT_REGISTRATION_URL"))
 }
 
 func (v *ViperProvider) AllowTLSTerminationFrom() []string {
diff --git a/oauth2/doc.go b/oauth2/doc.go
index fe2b6ced9c8..1906f5e12da 100644
--- a/oauth2/doc.go
+++ b/oauth2/doc.go
@@ -45,7 +45,7 @@ type WellKnown struct {
 
 // URL of the OP's Dynamic Client Registration Endpoint.
 // example: https://playground.ory.sh/ory-hydra/admin/client
- RegistrationEndpoint string `json:"registration_endpoint,omitempty"`
+ RegistrationEndpoint *string `json:"registration_endpoint,omitempty"`
 
 // URL of the OP's OAuth 2.0 Token Endpoint
 //
diff --git a/oauth2/handler.go b/oauth2/handler.go
index 556777044c7..28429ef95e6 100644
--- a/oauth2/handler.go
+++ b/oauth2/handler.go
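Review bot: Dropping `urlRoot` in `OAuth2ClientRegistrationURL` (driver/configuration/provider_viper.go) changes the value every caller receives, not only the discovery handler. With the key unset the method now returns whatever `urlx.ParseOrFatal` makes of an empty string, presumably an empty URL rather than a rooted one. Callers outside this patch that append paths to the result or print it are not visible here and should be checked. A doc comment would make the new contract explicit, for example `// OAuth2ClientRegistrationURL returns the configured client registration URL unmodified; the URL is empty when the key is unset.`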
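Review bot: Changing `RegistrationEndpoint` to `*string` in `WellKnown` (oauth2/doc.go) breaks Go code that builds or reads this exported struct, and the pointer may not be needed. `omitempty` on a plain `string` already drops the key when the value is `""`, which is likely what the getter yields for an unset key now that `urlRoot` is gone (inferred; `urlx.ParseOrFatal` is not shown). If the pointer stays, the field comment should state what nil means, for example `// Omitted when no client registration URL is configured.`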
@@ -215,13 +215,12 @@ func (h *Handler) LogoutHandler(w http.ResponseWriter, r *http.Request, ps httpr
 // 401: genericError
 // 500: genericError
 func (h *Handler) WellKnownHandler(w http.ResponseWriter, r *http.Request) {
- h.r.Writer().Write(w, r, &WellKnown{
+ wk := &WellKnown{
 Issuer: strings.TrimRight(h.c.IssuerURL().String(), "/") + "/",
 AuthURL: urlx.AppendPaths(h.c.IssuerURL(), AuthPath).String(),
 TokenURL: urlx.AppendPaths(h.c.IssuerURL(), TokenPath).String(),
 JWKsURI: urlx.AppendPaths(h.c.IssuerURL(), JWKPath).String(),
 RevocationEndpoint: urlx.AppendPaths(h.c.IssuerURL(), RevocationPath).String(),
- RegistrationEndpoint: h.c.OAuth2ClientRegistrationURL().String(),
 SubjectTypes: h.c.SubjectTypesSupported(),
 ResponseTypes: []string{"code", "code id_token", "id_token", "token id_token", "token", "token id_token code"},
 ClaimsSupported: h.c.OIDCDiscoverySupportedClaims(),
@@ -240,7 +239,13 @@ func (h *Handler) WellKnownHandler(w http.ResponseWriter, r *http.Request) {
 FrontChannelLogoutSupported: true,
 FrontChannelLogoutSessionSupported: true,
 EndSessionEndpoint: urlx.AppendPaths(h.c.IssuerURL(), LogoutPath).String(),
- })
+ }
+
+ if h.c.OAuth2ClientRegistrationURL().Path != "" {
+ wk.RegistrationEndpoint = stringPointer(h.c.OAuth2ClientRegistrationURL().String())
+ }
+
+ h.r.Writer().Write(w, r, wk)
 }
 
 // swagger:route GET /userinfo public userinfo
@@ -714,3 +719,7 @@ func (h *Handler) forwardError(w http.ResponseWriter, r *http.Request, err error
 // This function will not be called, OPTIONS request will be handled by cors
 // this is just a placeholder.
 func (h *Handler) handleOptions(w http.ResponseWriter, r *http.Request) {}
+
+func stringPointer(s string) *string {
+ return &s
+}
diff --git a/oauth2/handler_test.go b/oauth2/handler_test.go
index 8c0922cdfa6..6681ff9704d 100644
--- a/oauth2/handler_test.go
+++ b/oauth2/handler_test.go
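Review bot: The `Path != ""` test added at the end of `WellKnownHandler` (oauth2/handler.go, hunk at -240) decides on the wrong part of the URL. A configured value with no path (constructed example: `https://host`) is dropped from the discovery document, while a relative value (constructed example: `/clients`) is published even though discovery consumers expect an absolute URL. Deciding on scheme and host avoids both, and it calls the getter once instead of parsing the setting twice per request: `if u := h.c.OAuth2ClientRegistrationURL(); u.IsAbs() && u.Host != "" {` followed by `wk.RegistrationEndpoint = stringPointer(u.String())`. The new `stringPointer` helper at the end of the file has no comment; `// stringPointer returns a pointer to a copy of s.` would cover it.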
@@ -389,13 +389,15 @@ func TestHandlerWellKnown(t *testing.T) {
 require.NoError(t, err)
 defer res.Body.Close()
 
+ registrationEndpoint := conf.OAuth2ClientRegistrationURL().String()
+
 trueConfig := oauth2.WellKnown{
 Issuer: strings.TrimRight(conf.IssuerURL().String(), "/") + "/",
 AuthURL: urlx.AppendPaths(conf.IssuerURL(), oauth2.AuthPath).String(),
 TokenURL: urlx.AppendPaths(conf.IssuerURL(), oauth2.TokenPath).String(),
 JWKsURI: urlx.AppendPaths(conf.IssuerURL(), oauth2.JWKPath).String(),
 RevocationEndpoint: urlx.AppendPaths(conf.IssuerURL(), oauth2.RevocationPath).String(),
- RegistrationEndpoint: conf.OAuth2ClientRegistrationURL().String(),
+ RegistrationEndpoint: ®istrationEndpoint,
 SubjectTypes: []string{"pairwise", "public"},
 ResponseTypes: []string{"code", "code id_token", "id_token", "token id_token", "token", "token id_token code"},
 ClaimsSupported: conf.OIDCDiscoverySupportedClaims(),
@@ -415,6 +417,7 @@ func TestHandlerWellKnown(t *testing.T) {
 FrontChannelLogoutSessionSupported: true,
 EndSessionEndpoint: urlx.AppendPaths(conf.IssuerURL(), oauth2.LogoutPath).String(),
 }
+
 var wellKnownResp oauth2.WellKnown
 err = json.NewDecoder(res.Body).Decode(&wellKnownResp)
 require.NoError(t, err, "problem decoding wellknown json response: %+v", err)
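Review bot: `TestHandlerWellKnown` (oauth2/handler_test.go, hunk at -389) still exercises only a configuration where the registration URL is set. Nothing asserts that `registration_endpoint` is absent from the response when the setting is empty, which is the behaviour this commit introduces. `trueConfig` takes the address of `registrationEndpoint` unconditionally, so with an unset key the expected value would be a pointer to an empty string while the handler leaves the field nil. The config setup and the final comparison are outside the hunk, so this is inferred. A second case that clears the setting and checks that the decoded `RegistrationEndpoint` is nil, or that the raw JSON has no `registration_endpoint` key, would pin the change.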