From c9f73d718e7c3857a07e7f61a9c2c8ce4f928187 Mon Sep 17 00:00:00 2001
From: Jens Langhammer <jens.langhammer@haufe-lexware.com>
Date: Mon, 18 Mar 2019 20:35:11 +0100
Subject: [PATCH] start implementing openid connect discovery

---
 passbook/oauth_client/forms.py          |  2 +-
 passbook/oauth_provider/urls.py         |  8 +++++--
 passbook/oauth_provider/views/openid.py | 30 +++++++++++++++++++++++++
 3 files changed, 37 insertions(+), 3 deletions(-)
 create mode 100644 passbook/oauth_provider/views/openid.py

diff --git a/passbook/oauth_client/forms.py b/passbook/oauth_client/forms.py
index 3f4db257e..a4e49ff00 100644
--- a/passbook/oauth_client/forms.py
+++ b/passbook/oauth_client/forms.py
@@ -120,5 +120,5 @@ class AzureADOAuthSourceForm(OAuthSourceForm):
             'request_token_url': '',
             'authorization_url': 'https://login.microsoftonline.com/common/oauth2/authorize',
             'access_token_url': 'https://login.microsoftonline.com/common/oauth2/token',
-            'profile_url': ' https://login.microsoftonline.com/common/openid/userinfo',
+            'profile_url': ' https://graph.windows.net/myorganization/me?api-version=1.6',
         }
diff --git a/passbook/oauth_provider/urls.py b/passbook/oauth_provider/urls.py
index 8541fe886..5badf8aa3 100644
--- a/passbook/oauth_provider/urls.py
+++ b/passbook/oauth_provider/urls.py
@@ -3,7 +3,7 @@
 from django.urls import path
 from oauth2_provider import views
 
-from passbook.oauth_provider.views import oauth2
+from passbook.oauth_provider.views import oauth2, openid
 
 urlpatterns = [
     # Custom OAuth 2 Authorize View
@@ -14,8 +14,12 @@ urlpatterns = [
     path('authorize/permission_denied/', oauth2.OAuthPermissionDenied.as_view(),
          name='oauth2-permission-denied'),
     # OAuth API
-    path("authorize/", views.AuthorizationView.as_view(), name="authorize"),
     path("token/", views.TokenView.as_view(), name="token"),
     path("revoke_token/", views.RevokeTokenView.as_view(), name="revoke-token"),
     path("introspect/", views.IntrospectTokenView.as_view(), name="introspect"),
+    # OpenID-Connect Discovery
+    path('.well-known/openid-configuration', openid.OpenIDConfigurationView.as_view(),
+         name='openid-discovery'),
+    path('.well-known/jwks.json', openid.JSONWebKeyView.as_view(),
+         name='openid-jwks'),
 ]
diff --git a/passbook/oauth_provider/views/openid.py b/passbook/oauth_provider/views/openid.py
new file mode 100644
index 000000000..b37f0877a
--- /dev/null
+++ b/passbook/oauth_provider/views/openid.py
@@ -0,0 +1,30 @@
+"""passbook oauth provider OpenID Views"""
+
+from django.http import HttpRequest, JsonResponse
+from django.shortcuts import reverse
+from django.views.generic import View
+
+
+class OpenIDConfigurationView(View):
+    """Return OpenID Configuration"""
+
+    def get(self, request: HttpRequest):
+        """Get Response conform to https://openid.net/specs/openid-connect-discovery-1_0.html"""
+        return JsonResponse({
+            'issuer': request.build_absolute_uri(),
+            'authorization_endpoint': request.build_absolute_uri(
+                reverse('passbook_oauth_provider:oauth2-authorize')),
+            'token_endpoint': request.build_absolute_uri(reverse('passbook_oauth_provider:token')),
+            "jwks_uri": request.build_absolute_uri(reverse('passbook_oauth_provider:openid-jwks')),
+            "scopes_supported": [
+                "openid:userinfo",
+            ],
+        })
+
+
+class JSONWebKeyView(View):
+    """JSON Web Key View"""
+
+    def get(self, request: HttpRequest):
+        """JSON Webkeys are not implemented yet, hence return an empty object"""
+        return JsonResponse({})