coryHawkvelt/gatehouse-api
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

refactor(oidc): move OIDC endpoints to versioned API path

Browse Source 
Separate OIDC discovery endpoint into its own blueprint registered at
root level (required by OIDC spec for .well-known path). Move all other
OIDC endpoints to /api/v1/oidc to conform to API versioning standard.

BREAKING CHANGE: OIDC endpoint URLs changed from /oidc/* to /api/v1/oidc/*
This commit is contained in:
Cory Hawkvelt
2026-04-07 00:24:18 +09:30
parent 1a4b4b220b
commit b567b7a518
2 changed files with 17 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files
gatehouse_app/api/oidc.py
+12 -9
View File
@@ -71,9 +71,12 @@ def _fetch_oidc_params(oidc_session_id: str, *, consume: bool = False) -> dict |
return params
# Create OIDC blueprint registered at root level
# Create OIDC blueprint registered at /api/v1/oidc
oidc_bp = Blueprint("oidc", __name__)
# Create a separate blueprint for OIDC discovery (registered at root level per OIDC spec)
oidc_discovery_bp = Blueprint("oidc_discovery", __name__)
# ============================================================================
# Helper Functions
@@ -84,13 +87,13 @@ def get_oidc_config():
base_url = current_app.config.get("OIDC_ISSUER_URL", "http://localhost:5000")
return {
"issuer": base_url,
"authorization_endpoint": f"{base_url}/oidc/authorize",
"token_endpoint": f"{base_url}/oidc/token",
"userinfo_endpoint": f"{base_url}/oidc/userinfo",
"jwks_uri": f"{base_url}/oidc/jwks",
"registration_endpoint": f"{base_url}/oidc/register",
"revocation_endpoint": f"{base_url}/oidc/revoke",
"introspection_endpoint": f"{base_url}/oidc/introspect",
"authorization_endpoint": f"{base_url}/api/v1/oidc/authorize",
"token_endpoint": f"{base_url}/api/v1/oidc/token",
"userinfo_endpoint": f"{base_url}/api/v1/oidc/userinfo",
"jwks_uri": f"{base_url}/api/v1/oidc/jwks",
"registration_endpoint": f"{base_url}/api/v1/oidc/register",
"revocation_endpoint": f"{base_url}/api/v1/oidc/revoke",
"introspection_endpoint": f"{base_url}/api/v1/oidc/introspect",
"scopes_supported": ["openid", "profile", "email", "roles"],
"response_types_supported": ["code"],
"response_modes_supported": ["query"],
@@ -244,7 +247,7 @@ def parse_basic_auth():
# Discovery Endpoint
# ============================================================================
@oidc_bp.route("/.well-known/openid-configuration", methods=["GET"])
@oidc_discovery_bp.route("/.well-known/openid-configuration", methods=["GET"])
def oidc_discovery():
"""OpenID Connect Discovery endpoint.