Add a link to OpenID Issuer URL in WebFinger response (#26000)
This change adds an entry to the `links` field of the `/.well-known/webfinger` response. The new entry points to the `appURL` as an OpenID issuer. This is consistent with the output of `/.well-known/openid-configuration`, which also uses the value of `appURL`. This change is required for Tailscale SSO to work, as it uses the OpenID Issuer URL when querying the Tailscale user email during signup/login ([docs](https://tailscale.com/kb/1240/sso-custom-oidc/#webfinger-setup)).
This commit is contained in:
parent
01c04607c7
commit
df55f9b189
|
@ -106,6 +106,10 @@ func WebfingerQuery(ctx *context.Context) {
|
||||||
Type: "application/activity+json",
|
Type: "application/activity+json",
|
||||||
Href: appURL.String() + "api/v1/activitypub/user-id/" + fmt.Sprint(u.ID),
|
Href: appURL.String() + "api/v1/activitypub/user-id/" + fmt.Sprint(u.ID),
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
Rel: "http://openid.net/specs/connect/1.0/issuer",
|
||||||
|
Href: appURL.String(),
|
||||||
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
ctx.Resp.Header().Add("Access-Control-Allow-Origin", "*")
|
ctx.Resp.Header().Add("Access-Control-Allow-Origin", "*")
|
||||||
|
|
Loading…
Reference in a new issue