add OpenID Connect discovery endpoint and update configuration handling

Author: chrisw-dev

README.md

@@ -13,6 +13,7 @@ This mock server recreates Google's OAuth2 flow without requiring an internet co
 - `/authorize` - Authorization endpoint where users are redirected to authenticate
 - `/token` - Token exchange endpoint to obtain access tokens
 - `/userinfo` - User profile information endpoint
+- `/.well-known/openid-configuration` - OpenID Connect discovery endpoint
 
 ## Use Cases
 - Develop OAuth2 clients offline
@@ -47,8 +48,14 @@ go build -o mock-oauth2-server ./cmd/server
 # Specify a custom port using the command-line flag (highest priority)
 ./mock-oauth2-server --port 9088
 
+# Specify a custom hostname for the server URLs
+./mock-oauth2-server --host http://mock-oauth2-server:9088
+
 # Specify a custom port using environment variable (used if no command-line flag is provided)
 MOCK_OAUTH_PORT=9088 ./mock-oauth2-server
+
+# Specify a custom issuer URL using environment variable (useful in containerized environments)
+MOCK_ISSUER_URL=http://mock-oauth2:8080 ./mock-oauth2-server
 ```
 
 ## Running with Docker
@@ -123,6 +130,7 @@ services:
       - [email protected]
       - MOCK_USER_NAME=Test User
       - MOCK_TOKEN_EXPIRY=3600
+      - MOCK_ISSUER_URL=http://mock-oauth2:8080
     # Mount a volume for custom fixtures if needed
     # volumes:
     #   - ./test/fixtures:/app/test/fixtures
@@ -185,6 +193,8 @@ golang-mock-oauth2-server/
 │   │   ├── token_test.go                 # Test token handler
 │   │   ├── userinfo.go
 │   │   ├── userinfo_test.go              # Test userinfo handler
+│   │   ├── openid_config.go              # OpenID Connect discovery endpoint
+│   │   ├── openid_config_test.go         # Test OpenID Connect discovery
 │   │   ├── config.go
 │   │   └── config_test.go                # Test config handler
 │   ├── middleware/
@@ -227,6 +237,7 @@ Handler functions process incoming HTTP requests for each OAuth2 endpoint:
 - `authorize.go` - Handles user authentication and generates authorization codes
 - `token.go` - Exchanges authorization codes for access tokens
 - `userinfo.go` - Returns user profile information
+- `openid_config.go` - Provides OpenID Connect discovery metadata
 - `config.go` - Manages dynamic configuration for testing
 
 #### Configuration (`internal/config/`)
@@ -312,6 +323,33 @@ Retrieves mock user profile information.
 }
 ```
 
+#### OpenID Connect Discovery Endpoint (`/.well-known/openid-configuration`)
+
+Provides OpenID Connect (OIDC) configuration metadata for client auto-configuration.
+
+**Method**: GET
+
+**Response**: A JSON document with standard OIDC configuration
+
+```json
+{
+  "issuer": "http://localhost:8080",
+  "authorization_endpoint": "http://localhost:8080/authorize",
+  "token_endpoint": "http://localhost:8080/token",
+  "userinfo_endpoint": "http://localhost:8080/userinfo",
+  "jwks_uri": "http://localhost:8080/jwks",
+  "response_types_supported": ["code"],
+  "subject_types_supported": ["public"],
+  "id_token_signing_alg_values_supported": ["RS256"],
+  "scopes_supported": ["openid", "email", "profile"],
+  "token_endpoint_auth_methods_supported": ["client_secret_post", "client_secret_basic"],
+  "claims_supported": [
+    "sub", "iss", "name", "given_name", 
+    "family_name", "email", "email_verified", "picture"
+  ]
+}
+```
+
 #### Configuration Endpoint
 
 ##### Dynamic Configuration Endpoint (`/config`)
@@ -376,36 +414,60 @@ Available configuration options:
   - Environment: `MOCK_OAUTH_PORT=9088`
   - Default: `8080`
 
+- Issuer URL:
+  - Command-line: `--host http://custom-hostname:9088`
+  - Environment: `MOCK_ISSUER_URL=http://mock-oauth2:9088`
+  - Default: `http://localhost:[port]`
+
 - Other settings (environment variables only):
   - `MOCK_USER_EMAIL` - Email for the mock user (default: [email protected])
   - `MOCK_USER_NAME` - Name for the mock user (default: Test User)
   - `MOCK_TOKEN_EXPIRY` - Token expiry in seconds (default: 3600)
 
+The issuer URL is particularly important in containerized environments where the service name differs from "localhost". It affects the URLs returned in the OpenID Connect discovery document and needs to match what your OAuth client is configured to use.
+
 ### Example Usage
 
 In your OAuth2 client application:
 
-```bash
+```go
+// For a Go application using the golang.org/x/oauth2 package
+import (
+    "context"
+    "golang.org/x/oauth2"
+)
+
 const (
     clientID     = "test-client-id"
     clientSecret = "test-client-secret"
     redirectURL  = "http://localhost:8081/callback"
-    authURL      = "http://localhost:8080/authorize"
-    tokenURL     = "http://localhost:8080/token"
-    userInfoURL  = "http://localhost:8080/userinfo"
 )
 
-// Configure OAuth2 client to use the mock server
+// You can either specify endpoints manually:
 oauth2Config := &oauth2.Config{
     ClientID:     clientID,
     ClientSecret: clientSecret,
     RedirectURL:  redirectURL,
     Scopes:       []string{"openid", "email", "profile"},
     Endpoint: oauth2.Endpoint{
-        AuthURL:  authURL,
-        TokenURL: tokenURL,
+        AuthURL:  "http://localhost:8080/authorize",
+        TokenURL: "http://localhost:8080/token",
     },
 }
+
+// Or use the OpenID Connect discovery document:
+provider, err := oidc.NewProvider(context.Background(), "http://localhost:8080")
+if err != nil {
+    // handle error
+}
+
+oauth2Config := &oauth2.Config{
+    ClientID:     clientID,
+    ClientSecret: clientSecret,
+    RedirectURL:  redirectURL,
+    Scopes:       []string{"openid", "email", "profile"},
+    Endpoint:     provider.Endpoint(),
+}
 ```
 
 ## Testing Strategies

cmd/server/main.go

@@ -46,10 +46,19 @@ func main() {
 
 	// Determine the base URL for OpenID Connect configuration
 	baseURL := host
+	
+	// If host flag is not provided, check for IssuerURL in config (from MOCK_ISSUER_URL env var)
+	if baseURL == "" {
+		baseURL = cfg.IssuerURL
+	}
+	
+	// If neither host flag nor MOCK_ISSUER_URL env var is provided, use localhost
 	if baseURL == "" {
 		baseURL = fmt.Sprintf("http://localhost:%d", serverPort)
 	}
 
+	log.Printf("Using issuer URL: %s", baseURL)
+
 	// Initialize in-memory store with configuration
 	memoryStore := store.NewMemoryStore()
 
@@ -65,7 +74,7 @@ func main() {
 	mux.Handle("/userinfo", &handlers.UserInfoHandler{Store: memoryStore})
 	mux.Handle("/config", handlers.NewConfigHandler(memoryStore, defaultUser))
 	mux.Handle("/version", handlers.NewVersionHandler())
-
+	
 	// Add OpenID Connect Discovery endpoint
 	mux.Handle("/.well-known/openid-configuration", handlers.NewOpenIDConfigHandler(baseURL))
 

internal/config/config.go

@@ -12,6 +12,7 @@ type ServerConfig struct {
 	MockUserEmail   string
 	MockUserName    string
 	MockTokenExpiry int
+	IssuerURL       string
 	mu              sync.RWMutex
 }
 
@@ -20,6 +21,7 @@ var defaultConfig = ServerConfig{
 	MockUserEmail:   "[email protected]",
 	MockUserName:    "Test User",
 	MockTokenExpiry: 3600,
+	IssuerURL:       "", // Will be auto-generated if not specified
 }
 
 // LoadConfig loads server configuration from environment variables or returns defaults
@@ -46,6 +48,11 @@ func LoadConfig() *ServerConfig {
 		}
 	}
 
+	// Load issuer URL from environment variable
+	if issuerURL, exists := os.LookupEnv("MOCK_ISSUER_URL"); exists {
+		config.IssuerURL = issuerURL
+	}
+
 	return config
 }
 
@@ -66,6 +73,9 @@ func (c *ServerConfig) UpdateConfig(newConfig map[string]interface{}) {
 	if expiry, ok := newConfig["mock_token_expiry"].(int); ok {
 		c.MockTokenExpiry = expiry
 	}
+	if issuerURL, ok := newConfig["issuer_url"].(string); ok {
+		c.IssuerURL = issuerURL
+	}
 }
 
 // GetConfig returns a copy of the current server configuration without the mutex
@@ -78,5 +88,6 @@ func (c *ServerConfig) GetConfig() ServerConfig {
 		MockUserEmail:   c.MockUserEmail,
 		MockUserName:    c.MockUserName,
 		MockTokenExpiry: c.MockTokenExpiry,
+		IssuerURL:       c.IssuerURL,
 	}
 }

internal/config/config_test.go

@@ -11,10 +11,12 @@ func TestLoadConfig(t *testing.T) {
 	os.Setenv("MOCK_USER_EMAIL", "[email protected]")
 	os.Setenv("MOCK_USER_NAME", "Test User")
 	os.Setenv("MOCK_TOKEN_EXPIRY", "7200")
+	os.Setenv("MOCK_ISSUER_URL", "http://mock-oauth2:9090")
 	defer os.Unsetenv("MOCK_OAUTH_PORT")
 	defer os.Unsetenv("MOCK_USER_EMAIL")
 	defer os.Unsetenv("MOCK_USER_NAME")
 	defer os.Unsetenv("MOCK_TOKEN_EXPIRY")
+	defer os.Unsetenv("MOCK_ISSUER_URL")
 
 	config := LoadConfig()
 
@@ -30,6 +32,9 @@ func TestLoadConfig(t *testing.T) {
 	if config.MockTokenExpiry != 7200 {
 		t.Errorf("expected MockTokenExpiry to be 7200, got %d", config.MockTokenExpiry)
 	}
+	if config.IssuerURL != "http://mock-oauth2:9090" {
+		t.Errorf("expected IssuerURL to be 'http://mock-oauth2:9090', got '%s'", config.IssuerURL)
+	}
 }
 
 func TestUpdateConfig(t *testing.T) {
@@ -40,6 +45,7 @@ func TestUpdateConfig(t *testing.T) {
 		"mock_user_email":   "[email protected]",
 		"mock_user_name":    "Updated User",
 		"mock_token_expiry": 3600,
+		"issuer_url":        "http://updated-mock-oauth2:8081",
 	}
 
 	config.UpdateConfig(newConfig)
@@ -56,6 +62,9 @@ func TestUpdateConfig(t *testing.T) {
 	if config.MockTokenExpiry != 3600 {
 		t.Errorf("expected MockTokenExpiry to be 3600, got %d", config.MockTokenExpiry)
 	}
+	if config.IssuerURL != "http://updated-mock-oauth2:8081" {
+		t.Errorf("expected IssuerURL to be 'http://updated-mock-oauth2:8081', got '%s'", config.IssuerURL)
+	}
 }
 
 func TestGetConfig(t *testing.T) {
@@ -66,6 +75,7 @@ func TestGetConfig(t *testing.T) {
 		"mock_user_email":   "[email protected]",
 		"mock_user_name":    "GetConfig User",
 		"mock_token_expiry": 1800,
+		"issuer_url":        "http://getconfig-mock-oauth2:8082",
 	}
 
 	config.UpdateConfig(newConfig)
@@ -74,8 +84,10 @@ func TestGetConfig(t *testing.T) {
 	if retrievedConfig.Port != 8082 ||
 		retrievedConfig.MockUserEmail != "[email protected]" ||
 		retrievedConfig.MockUserName != "GetConfig User" ||
-		retrievedConfig.MockTokenExpiry != 1800 {
+		retrievedConfig.MockTokenExpiry != 1800 || 
+		retrievedConfig.IssuerURL != "http://getconfig-mock-oauth2:8082" {
 
-		t.Errorf("expected retrievedConfig to match updated config, got Port: %d, MockUserEmail: %s, MockUserName: %s, MockTokenExpiry: %d", retrievedConfig.Port, retrievedConfig.MockUserEmail, retrievedConfig.MockUserName, retrievedConfig.MockTokenExpiry)
+		t.Errorf("expected retrievedConfig to match updated config, got Port: %d, MockUserEmail: %s, MockUserName: %s, MockTokenExpiry: %d, IssuerURL: %s", 
+			retrievedConfig.Port, retrievedConfig.MockUserEmail, retrievedConfig.MockUserName, retrievedConfig.MockTokenExpiry, retrievedConfig.IssuerURL)
 	}
 }