Expose the issuer uri

hiboo/sso/oidc.py

@@ -125,7 +125,7 @@ class Client(sqla_oauth2.OAuth2ClientMixin):
         service = self.service
         return {
             'key': service.config["jwt_key"], 'alg': service.config["jwt_alg"],
-            'iss': flask.url_for("sso.oidc_token", service_uuid=service.uuid, _external=True),
+            'iss': flask.url_for("sso.oidc_issuer", service_uuid=service.uuid, _external=True),
             'exp': 3600,
         }
 
@@ -178,7 +178,7 @@ class Client(sqla_oauth2.OAuth2ClientMixin):
         """
         uuid = self.service.uuid
         return flask.jsonify({
-            "issuer": flask.url_for("sso.oidc_token", service_uuid=uuid, _external=True),
+            "issuer": flask.url_for("sso.oidc_issuer", service_uuid=uuid, _external=True),
             "authorization_endpoint": flask.url_for("sso.oidc_authorize", service_uuid=uuid, _external=True),
             "token_endpoint": flask.url_for("sso.oidc_token", service_uuid=uuid, _external=True),
             "userinfo_endpoint": flask.url_for("sso.oidc_userinfo", service_uuid=uuid, _external=True),
@@ -193,6 +193,11 @@ class Client(sqla_oauth2.OAuth2ClientMixin):
         return flask.jsonify({"keys": [self.service.config["jwt_public_key"]]})
 
 
+@blueprint.route("/oidc/<service_uuid>")
+def oidc_issuer(service_uuid):
+    return flask.redirect(".oidc_discovery", service_uuid)
+
+
 @blueprint.route("/oidc/authorize/<service_uuid>", methods=["GET", "POST"])
 @blueprint.route("/oidc/<service_uuid>/authorize", methods=["GET", "POST"])
 @security.authentication_required()