diff --git a/packages/backend/src/server/oauth/OAuth2ProviderService.ts b/packages/backend/src/server/oauth/OAuth2ProviderService.ts index a18b3519a5..d0cd211408 100644 --- a/packages/backend/src/server/oauth/OAuth2ProviderService.ts +++ b/packages/backend/src/server/oauth/OAuth2ProviderService.ts @@ -432,7 +432,15 @@ export class OAuth2ProviderService { issuer: this.config.url, authorization_endpoint: new URL('/oauth/authorize', this.config.url), token_endpoint: new URL('/oauth/token', this.config.url), + // TODO: support or not? + // introspection_endpoint: ... + // introspection_endpoint_auth_methods_supported: ... + scopes_supported: kinds, + response_types_supported: ['code'], + grant_types_supported: ['authorization_code'], + service_documentation: 'https://misskey-hub.net', code_challenge_methods_supported: ['S256'], + authorization_response_iss_parameter_supported: true, }); }); diff --git a/packages/backend/test/e2e/oauth.ts b/packages/backend/test/e2e/oauth.ts index 17fcea9e9d..69c5c869c8 100644 --- a/packages/backend/test/e2e/oauth.ts +++ b/packages/backend/test/e2e/oauth.ts @@ -7,6 +7,8 @@ import { AuthorizationCode } from 'simple-oauth2'; import pkceChallenge from 'pkce-challenge'; import { JSDOM } from 'jsdom'; +const host = `http://127.0.0.1:${port}`; + const clientPort = port + 1; const redirect_uri = `http://127.0.0.1:${clientPort}/redirect`; @@ -16,7 +18,7 @@ function getClient(): AuthorizationCode<'client_id'> { id: `http://127.0.0.1:${clientPort}/`, }, auth: { - tokenHost: `http://127.0.0.1:${port}`, + tokenHost: host, tokenPath: '/oauth/token', authorizePath: '/oauth/authorize', }, @@ -32,7 +34,7 @@ function getTransactionId(html: string): string | undefined { } function fetchDecision(cookie: string, transactionId: string, user: any, { cancel }: { cancel?: boolean } = {}): Promise { - return fetch(`http://127.0.0.1:${port}/oauth/decision`, { + return fetch(new URL('/oauth/decision', host), { method: 'post', body: new URLSearchParams({ transaction_id: transactionId!, @@ -535,7 +537,14 @@ describe('OAuth', () => { // TODO: disallow random same-origin URLs with strict redirect_uris with client information discovery }); - // TODO: .well-known/oauth-authorization-server + test('Server metadata', async () => { + const response = await fetch(new URL('.well-known/oauth-authorization-server', host)); + assert.strictEqual(response.status, 200); + + const body = await response.json(); + assert.strictEqual(body.issuer, 'http://misskey.local'); + assert.ok(body.scopes_supported.includes('write:notes')); + }); // TODO: authorizing two users concurrently