Allow specifying more OIDC client metadata for dynamic registration (#4070)

src/oidc/register.ts

@@ -19,16 +19,37 @@ import { OidcError } from "./error";
 import { Method } from "../http-api";
 import { logger } from "../logger";
 import { ValidatedIssuerConfig } from "./validate";
+import { NonEmptyArray } from "../@types/common";
 
 /**
  * Client metadata passed to registration endpoint
  */
 export type OidcRegistrationClientMetadata = {
-    clientName: string;
-    clientUri: string;
-    redirectUris: string[];
+    clientName: OidcRegistrationRequestBody["client_name"];
+    clientUri: OidcRegistrationRequestBody["client_uri"];
+    logoUri?: OidcRegistrationRequestBody["logo_uri"];
+    applicationType: OidcRegistrationRequestBody["application_type"];
+    redirectUris: OidcRegistrationRequestBody["redirect_uris"];
+    contacts: OidcRegistrationRequestBody["contacts"];
+    tosUri: OidcRegistrationRequestBody["tos_uri"];
+    policyUri: OidcRegistrationRequestBody["policy_uri"];
 };
 
+interface OidcRegistrationRequestBody {
+    client_name: string;
+    client_uri: string;
+    logo_uri?: string;
+    contacts: NonEmptyArray<string>;
+    tos_uri: string;
+    policy_uri: string;
+    redirect_uris?: NonEmptyArray<string>;
+    response_types?: NonEmptyArray<string>;
+    grant_types?: NonEmptyArray<string>;
+    id_token_signed_response_alg: string;
+    token_endpoint_auth_method: string;
+    application_type: "web" | "native";
+}
+
 /**
  * Make the client registration request
  * @param registrationEndpoint - URL as returned from issuer ./well-known/openid-configuration
@@ -42,7 +63,7 @@ const doRegistration = async (
     clientMetadata: OidcRegistrationClientMetadata,
 ): Promise<string> => {
     // https://openid.net/specs/openid-connect-registration-1_0.html
-    const metadata = {
+    const metadata: OidcRegistrationRequestBody = {
         client_name: clientMetadata.clientName,
         client_uri: clientMetadata.clientUri,
         response_types: ["code"],
@@ -50,7 +71,11 @@ const doRegistration = async (
         redirect_uris: clientMetadata.redirectUris,
         id_token_signed_response_alg: "RS256",
         token_endpoint_auth_method: "none",
-        application_type: "web",
+        application_type: clientMetadata.applicationType,
+        logo_uri: clientMetadata.logoUri,
+        contacts: clientMetadata.contacts,
+        policy_uri: clientMetadata.policyUri,
+        tos_uri: clientMetadata.tosUri,
     };
     const headers = {
         "Accept": "application/json",
@@ -88,25 +113,16 @@ const doRegistration = async (
 /**
  * Attempts dynamic registration against the configured registration endpoint
  * @param delegatedAuthConfig - Auth config from ValidatedServerConfig
- * @param clientName - Client name to register with the OP, eg 'Element'
- * @param baseUrl - URL of the home page of the Client, eg 'https://app.element.io/'
+ * @param clientMetadata - The metadata for the client which to register
  * @returns Promise<string> resolved with registered clientId
  * @throws when registration is not supported, on failed request or invalid response
  */
 export const registerOidcClient = async (
     delegatedAuthConfig: IDelegatedAuthConfig & ValidatedIssuerConfig,
-    clientName: string,
-    baseUrl: string,
+    clientMetadata: OidcRegistrationClientMetadata,
 ): Promise<string> => {
-    const clientMetadata = {
-        clientName,
-        clientUri: baseUrl,
-        redirectUris: [baseUrl],
-    };
     if (!delegatedAuthConfig.registrationEndpoint) {
         throw new Error(OidcError.DynamicRegistrationNotSupported);
     }
-    const clientId = await doRegistration(delegatedAuthConfig.registrationEndpoint, clientMetadata);
-
-    return clientId;
+    return doRegistration(delegatedAuthConfig.registrationEndpoint, clientMetadata);
 };