authorJames Elliott <james-d-elliott@users.noreply.github.com>2022-04-07 10:58:51 +1000
committerGitHub <noreply@github.com>2022-04-07 10:58:51 +1000
commit4ebd8fdf4e9fb0eb20684197f39929304fcb74b7 (patch)
tree895df7c98abce57e1e3e83eab848e399effce227 /internal/handlers/handler_oauth_introspection.go
parenta694cf851f24868c2ca6c6a8e51f66083b22b4a2 (diff)
feat(oidc): provide cors config including options handlers (#3005)
This adjusts the CORS headers appropriately for OpenID Connect. This includes responding to OPTIONS requests appropriately. Currently this is only configured to operate when the Origin scheme is HTTPS, but it can easily be expanded in the future to include additional Origins.
Diffstat (limited to 'internal/handlers/handler_oauth_introspection.go')
-rw-r--r--internal/handlers/handler_oauth_introspection.go38
1 files changed, 38 insertions, 0 deletions
diff --git a/internal/handlers/handler_oauth_introspection.go b/internal/handlers/handler_oauth_introspection.go
new file mode 100644
index 000000000..331ce201d
--- /dev/null
+++ b/internal/handlers/handler_oauth_introspection.go
@@ -0,0 +1,38 @@
+package handlers
+
+import (
+ "net/http"
+
+ "github.com/ory/fosite"
+
+ "github.com/authelia/authelia/v4/internal/middlewares"
+ "github.com/authelia/authelia/v4/internal/oidc"
+)
+
+// OAuthIntrospectionPOST handles POST requests to the OAuth 2.0 Introspection endpoint.
+//
+// https://datatracker.ietf.org/doc/html/rfc7662
+func OAuthIntrospectionPOST(ctx *middlewares.AutheliaCtx, rw http.ResponseWriter, req *http.Request) {
+ var (
+ responder fosite.IntrospectionResponder
+ err error
+ )
+
+ oidcSession := oidc.NewSession()
+
+ if responder, err = ctx.Providers.OpenIDConnect.Fosite.NewIntrospectionRequest(ctx, req, oidcSession); err != nil {
+ rfc := fosite.ErrorToRFC6749Error(err)
+
+ ctx.Logger.Errorf("Introspection Request failed with error: %+v", rfc)
+
+ ctx.Providers.OpenIDConnect.Fosite.WriteIntrospectionError(rw, err)
+
+ return
+ }
+
+ requester := responder.GetAccessRequester()
+
+ ctx.Logger.Tracef("Introspection Request yeilded a %s (active: %t) requested at %s created with request id '%s' on client with id '%s'", responder.GetTokenUse(), responder.IsActive(), requester.GetRequestedAt().String(), requester.GetID(), requester.GetClient().GetID())
+
+ ctx.Providers.OpenIDConnect.Fosite.WriteIntrospectionResponse(rw, responder)
+}
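Review bot: The error branch of `OAuthIntrospectionPOST` logs every failed `NewIntrospectionRequest` at Error level, which mixes two different events. As far as I know, fosite reports an expired or revoked token through this same error return (`fosite.ErrInactiveToken`), and `WriteIntrospectionError` then answers with `{"active": false}`, which RFC 7662 treats as a normal result; a caller failing to authenticate to the endpoint is the case an operator would actually want to alert on. I would branch on it, e.g. `if errors.Is(err, fosite.ErrInactiveToken) { ctx.Logger.Debugf(...) } else { ctx.Logger.Errorf(...) }` (this needs the `errors` import), so that error-level entries from this handler stay meaningful for detection. Separately, the trace message misspells "yielded" as "yeilded", which makes the line harder to find by text search.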