From e6b7ade7a40a6d5131285a3a5a63b8a479d9b76b Mon Sep 17 00:00:00 2001
From: mo khan
Date: Tue, 18 Mar 2025 14:32:45 -0600
Subject: refactor: use oauth server metadata to configure endpoints
---
 bin/ui | 22 +++++++++++++++++++---
 1 file changed, 19 insertions(+), 3 deletions(-)

diff --git a/bin/ui b/bin/ui
index 61408e4..ff5de21 100755
--- a/bin/ui
+++ b/bin/ui
@@ -50,8 +50,16 @@ module OAuth
 }))
 end

- def authorize_uri
- "http://#{$idp_host}/oauth/authorize?client_id=#{client_id}&state=example&redirect_uri=#{$scheme}://#{$host}/oauth/callback&response_type=code&response_mode=query&scope=openid"
+ def [](key)
+ server_metadata.fetch(key)
+ end
+
+ def redirect_uri
+ "#{$scheme}://#{$host}/oauth/callback"
+ end
+
+ def authorize_uri(state: SecureRandom.uuid, response_mode: "query", scope: "openid")
+ "#{self[:authorization_endpoint]}?client_id=#{client_id}&state=#{state}&redirect_uri=#{redirect_uri}&response_type=code&response_mode=#{response_mode}&scope=#{scope}"
 end

 def with_http
@@ -60,9 +68,17 @@ module OAuth
 end
 end

+ def server_metadata
+ @server_metadata ||=
+ with_http do |client|
+ response = client.get("http://#{$idp_host}/.well-known/openid-configuration")
+ JSON.parse(response.body, symbolize_names: true)
+ end
+ end
+
 def exchange(grant_type:, code:)
 with_http do |client|
- client.post("http://#{$idp_host}/oauth/token", body: {
+ client.post(self[:token_endpoint], body: {
 grant_type: grant_type,
 code: code,
 code_verifier: "not_implemented"
--
cgit v1.2.3
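Review bot: In `authorize_uri`, `state`, `scope`, `response_mode` and `redirect_uri` are interpolated into the query string without percent-encoding, and the first three are now caller-supplied, so a value containing `&`, `#` or a space (a multi-value scope, for example) would alter or cut off the request parameters. Building the query with the standard library avoids that: `"#{self[:authorization_endpoint]}?#{URI.encode_www_form(client_id: client_id, state: state, redirect_uri: redirect_uri, response_type: "code", response_mode: response_mode, scope: scope)}"`. Separately, the default `state: SecureRandom.uuid` is created in the signature and never handed back, so unless the caller passes its own value and stores it, the callback has nothing to compare the returned `state` against. The callback handler is not in this hunk, so that should be confirmed there.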
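Review bot: `server_metadata` memoizes and trusts whatever body the discovery request returns, and `exchange` then posts the authorization code to `self[:token_endpoint]` with no check that the document belongs to the configured IdP. Before this change the token URL was pinned to `$idp_host`; now a wrong or altered document (the fetch is plain `http://`) decides where the code is sent. I would bind the parsed hash to a local and verify it before caching, e.g. `raise "issuer mismatch" unless metadata[:issuer] == "http://#{$idp_host}"`, assuming the IdP publishes its issuer in that form. Non-success responses should also be rejected so that an error body is not cached by `||=`. `exchange` continues past the end of the hunk.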