修改配置文件,将OIDC的OP端点配置接口配置到一个文件中

wanglei 2025-11-19 18:00:17 +08:00
parent 919e5812f9
commit 5d91f77f85
4 changed files with 33 additions and 37 deletions


@ -56,32 +56,10 @@ http {
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Methods 'GET, POST, PUT, DELETE, OPTIONS';
add_header Access-Control-Allow-Headers 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
if ($request_method = 'OPTIONS') {
return 204;
}
#OP端点配置
location /yum/v1/.well-known/openid-configuration {
content_by_lua_block {
local cjson = require "cjson"
local config = {
issuer = "http://localhost:9080",
authorization_endpoint = "http://localhost:9080/yum/v1/oauth/v2/authorize",
token_endpoint = "http://localhost:9080yum/v1/oauth/v2/token",
userinfo_endpoint = "http://localhost:9080yum/v1/oauth/v2/userinfo",
--jwks_uri = "http://localhost:9080/jwks", -- 公钥端点(可选)
grant_types_supported = { "authorization_code", "token", "refresh_token" }, -- 新增支持 refresh_token
response_types_supported = { "code" },
subject_types_supported = { "public" },
id_token_signing_alg_values_supported = { "HS256" },
refresh_token_issuance_supported = true -- 声明支持颁发 refresh_token
}
ngx.header["Content-Type"] = "application/json"
ngx.say(cjson.encode(config))
}
}
#数据列表配置
include 'system/system.conf';
@ -95,20 +73,6 @@ http {
location /test {
content_by_lua_file '${APP_PATH}/src/test/test.lua';
}
location = /testSM {
content_by_lua_block {
cjson = require "cjson.safe"
ngx.say(cjson.encode({a = 1, b = 2}))
local dict_a = ngx.shared.dict_a;
ngx.say("abc=",dict_a:get("abc"))
-- 访问全局变量
ngx.say("Global variable: ", global_var)
-- 访问共享字典
ngx.say("Shared dict value: ", dict_a:get("key"))
}
}
}
#server {


@ -51,6 +51,11 @@ location /yum/v1/system/users {
######################################################
### oauth2.0 + openIDC 接口文件处理 ###
######################################################
#OP认证端点相关
location /yum/v1/.well-known/openid-configuration {
content_by_lua_file '${APP_PATH}/src/api/oidc/config.lua';
}
#用户认证登陆相关
location /yum/v1/oauth/v2 {
content_by_lua_file '${APP_PATH}/src/api/oauth/oauth.lua';
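Review bot: The new `location /yum/v1/.well-known/openid-configuration` is a prefix match, so any URI that merely starts with that string is also answered by config.lua; an exact match, `location = /yum/v1/.well-known/openid-configuration {`, would limit it to the discovery URL. The block also accepts every request method although the document is only ever read, so a `limit_except GET { deny all; }` inside it would keep the surface small. The same path is registered in the oauth.lua route table in this commit, so a one-line comment saying which of the two actually serves the document would help the next reader.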


@ -11,8 +11,14 @@ local oauthService = require("service.oauth.oauth")
--定义相关路由前端接口url地址
local routes = {
--------------------------------------------
------------ OAuth2.0认证相关路由配置 ---------
------------ OIDC OAuth2.0认证相关路由配置 ---
--------------------------------------------
--OP端点配置
{
paths = { "/yum/v1/.well-known/openid-configuration" },
methods = { "GET", "POST" },
handler = oauthService.openidConfig,
},
--获取授权码
{
paths = { "/yum/v1/oauth/v2/authorize" },
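Review bot: The added route for `/yum/v1/.well-known/openid-configuration` looks unreachable, because this commit's nginx change sends that path to `src/api/oidc/config.lua` while the location that loads oauth.lua is `/yum/v1/oauth/v2`; unless another location forwards the request here, this entry and `oauthService.openidConfig` (not shown in this commit) are a second, unused definition of the discovery document. Keeping a single source avoids the two copies drifting apart. If the route stays, `methods = { "GET" },` is enough, since discovery metadata is only fetched with GET. The `routes` table continues outside the hunk.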

21
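--- a/src/api/oidc/config.lua
+++ b/src/api/oidc/config.lua
@@ -0,0 +1,21 @@
+---
+--- Generated by EmmyLua(https://github.com/EmmyLua)
+--- Created by admin.
+--- DateTime: 2025/11/19 11:48
+--- openID Connect 认证端点配置文件
+local cjson = require "cjson.safe"
+local config = {
+issuer = "http://localhost:9080",
+authorization_endpoint = "http://localhost:9080/yum/v1/oauth/v2/authorize",
+token_endpoint = "http://localhost:9080yum/v1/oauth/v2/token",
+userinfo_endpoint = "http://localhost:9080yum/v1/oauth/v2/userinfo",
+--jwks_uri = "http://localhost:9080/jwks", -- 公钥端点(可选)
+grant_types_supported = { "authorization_code", "token", "refresh_token" }, -- 新增支持 refresh_token
+response_types_supported = { "code" },
+subject_types_supported = { "public" },
+id_token_signing_alg_values_supported = { "HS256" },
+refresh_token_issuance_supported = true -- 声明支持颁发 refresh_token
+}
+ngx.header["Content-Type"] = "application/json"
+ngx.say(cjson.encode(config))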
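Review bot: `token_endpoint` and `userinfo_endpoint` are missing the `/` after the port (`http://localhost:9080yum/...`), so a client that follows the discovery document gets malformed URLs; they should read `token_endpoint = "http://localhost:9080/yum/v1/oauth/v2/token",` and `userinfo_endpoint = "http://localhost:9080/yum/v1/oauth/v2/userinfo",`. The hard-coded `http://localhost:9080` issuer also does not match the path the document is served under (`/yum/v1/.well-known/...`), so relying parties that check the issuer against the discovery URL are likely to reject it; taking the base URL from deployment configuration would address that and the plain-HTTP localhost value together. With `jwks_uri` commented out and only `HS256` advertised, ID tokens can be verified only by parties holding the shared secret, which deserves a comment here or a move to an asymmetric algorithm. `"token"` in `grant_types_supported` is not a registered grant type name and does not match `response_types_supported = { "code" }`.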