lib/rodauth/features/oidc.rb in rodauth-oauth-0.6.1 vs lib/rodauth/features/oidc.rb in rodauth-oauth-0.7.0
- old
+ new
@@ -66,11 +66,11 @@
auth_value_method :oauth_application_scopes, %w[openid]
auth_value_method :oauth_grants_nonce_column, :nonce
auth_value_method :oauth_tokens_nonce_column, :nonce
- auth_value_method :invalid_scope_message, "The Access Token expired"
+ translatable_method :invalid_scope_message, "The Access Token expired"
auth_value_method :webfinger_relation, "http://openid.net/specs/connect/1.0/issuer"
auth_value_method :oauth_prompt_login_cookie_key, "_rodauth_oauth_prompt_login"
auth_value_method :oauth_prompt_login_cookie_options, {}.freeze
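Review bot: The default text on the `invalid_scope_message` line reads "The Access Token expired", which describes token expiry rather than a scope problem. Now that the string is registered through `translatable_method`, translators will carry that wording into every locale. Where the message is emitted is outside this hunk, but if it is returned for scope failures, a default such as `translatable_method :invalid_scope_message, "The Access Token does not have the required scope"` would keep client-side troubleshooting and log triage accurate.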
@@ -184,10 +184,12 @@
end
end
def openid_configuration(alt_issuer = nil)
request.on(".well-known/openid-configuration") do
+ allow_cors(request)
+
request.get do
json_response_success(openid_configuration_body(alt_issuer), cache: true)
end
end
end
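Review bot: The GET branch of `openid_configuration` still sends no `Access-Control-Allow-Origin` header, because `allow_cors` (defined in the last hunk) returns early for every method except OPTIONS. A browser making a plain cross-origin GET sends no preflight and needs the header on the GET response itself. Cross-origin clients would therefore likely still be unable to read the discovery document, unless `json_response_success` adds the header, which is not visible here. Setting the origin header before the method check in `allow_cors` would cover both cases: `response["Access-Control-Allow-Origin"] = "*"` followed by `return unless request.request_method == "OPTIONS"`.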
@@ -490,8 +492,18 @@
# Filter null values in optional items
(!REQUIRED_METADATA_KEYS.include?(key.to_sym) && val.nil?) ||
# Claims with zero elements MUST be omitted from the response
(val.respond_to?(:empty?) && val.empty?)
end
+ end
+
+ def allow_cors(request)
+ return unless request.request_method == "OPTIONS"
+
+ response["Access-Control-Allow-Origin"] = "*"
+ response["Access-Control-Allow-Methods"] = "GET, OPTIONS"
+ response["Access-Control-Max-Age"] = "3600"
+ response.status = 200
+ request.halt
end
end
end
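Review bot: `allow_cors` has no comment explaining why a wildcard origin is acceptable, and its generic name invites reuse on other routes. The wildcard is reasonable for the discovery document, which is public metadata served without credentials, but the same helper on a token or userinfo route could let scripts from any origin read those responses. I would add a comment above the method such as `# Answers CORS preflight for public, unauthenticated metadata only; do not call from routes that return tokens or user data.` The `request` parameter also shadows the `request` method the caller uses, which is worth either a rename or a note.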