lib/openid_connect/discovery/provider/config/response.rb in openid_connect-0.3.3 vs lib/openid_connect/discovery/provider/config/response.rb in openid_connect-0.3.4
- old
+ new
@@ -15,11 +15,11 @@
:refresh_session_endpoint,
:end_session_endpoint,
:jwk_url,
:jwk_encryption_url,
:x509_url,
- :x509_encryption_ur,
+ :x509_encryption_url,
:registration_endpoint,
:scopes_supported,
:response_types_supported,
:acrs_supported,
:user_id_types_supported,
@@ -48,9 +48,49 @@
end
hash[:userinfo_endpoint] = hash.delete(:user_info_endpoint)
hash[:userinfo_algs_supported] = hash.delete(:user_info_algs_supported)
hash.delete_if do |key, value|
value.nil?
+ end
+ end
+
+ def signing_key
+ x509_public_key || jwk_public_key
+ end
+
+ def encryption_key
+ if x509_encryption_url
+ x509_public_key :for_encryption
+ elsif jwk_encryption_url
+ jwk_public_key :for_encryption
+ else
+ signing_key
+ end
+ end
+
+ private
+
+ def x509_public_key(for_encryption = false)
+ endpoint = if for_encryption
+ x509_encryption_url || x509_url
+ else
+ x509_url
+ end
+ if endpoint
+ cert = OpenSSL::X509::Certificate.new OpenIDConnect.http_client.get_content(endpoint)
+ cert.public_key
+ end
+ end
+
+ def jwk_public_key(for_encryption = false)
+ endpoint = if for_encryption
+ jwk_encryption_url || jwk_url
+ else
+ jwk_url
+ end
+ if endpoint
+ jwk_set = JSON.parse OpenIDConnect.http_client.get_content(endpoint), symbolize_names: true
+ JSON::JWK.decode jwk_set[:keys].first
end
end
end
end
end
\ No newline at end of file
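Review bot: `x509_public_key` and `jwk_public_key` both pass the discovery-supplied URL straight to `OpenIDConnect.http_client.get_content(endpoint)` and trust the result as the provider's key, with no check in this hunk that the URL is `https`. The attribute validations sit outside the hunk, so this may already be enforced there; if it is not, a plaintext `x509_url` or `jwk_url` lets anyone on the network path substitute the signing key, and a guard such as `raise ArgumentError, 'key endpoint must be https' unless URI.parse(endpoint).scheme == 'https'` before each fetch would close that. Separately, `cert.public_key` is returned without any chain or validity check on the certificate. `jwk_set[:keys].first` also ignores `kid` and `use` and raises `NoMethodError` when the document has no `keys` member, so a provider that publishes several keys or rotates them can end up verified against the wrong one. Every call to `signing_key` or `encryption_key` refetches over the network, so memoizing the fetched key would also reduce exposure to a transient bad response.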