From 2fbfb6169318172411730e2f1806156e70b87a30 Mon Sep 17 00:00:00 2001
From: Sergiusz Bazanski
Date: Mon, 29 Jan 2018 16:02:50 +0000
Subject: [PATCH] Add OpenIDConnect userinfo endpoint

Quickly cobbled together based on a random spec [1] from the Internet. Also drive-by fix a mixed indentation issue.
[1] - https://connect2id.com/products/server/docs/api/userinfo
---
 auth.py | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/auth.py b/auth.py
index 64f5eae..5b4caaf 100644
--- a/auth.py
+++ b/auth.py
@@ -220,7 +220,7 @@ def authorize(*args, **kwargs):
 client_id = kwargs.get('client_id')
 client = Client.query.filter_by(client_id=client_id).first()
 kwargs['client'] = client
- kwargs['user'] = current_user
+ kwargs['user'] = current_user
 return render_template('oauthorize.html', **kwargs)
 confirm = flask.request.form.get('confirm', 'no')
@@ -325,6 +325,7 @@ def load_user(user_id):
 return LDAPUserProxy(user_id)
+# HSWAW specific endpoint
 @app.route('/api/profile')
 @app.route('/api/1/profile')
 @oauth.require_oauth('profile:read')
@@ -336,6 +337,14 @@ def api_profile():
 personal_email=user.personal_email)
+# OpenIDConnect userinfo
+@app.route('/api/1/userinfo')
+@oauth.require_oauth('profile:read')
+def api_profile():
+ user = LDAPUserProxy(flask.request.oauth.user)
+ return flask.jsonify(sub=user.username, name=user.gecos, email=user.email,
+ preferred_username=user.username, nickname=user.username)
+
 if __name__ == '__main__':
 app.run('0.0.0.0', 8082, debug=True)
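Review bot: The new view in the last hunk is declared as `def api_profile():`, the same name as the existing `/api/profile` view named in the hunk header, so both routes would register under the Flask endpoint name `api_profile`. Depending on the Flask version and on whether `oauth.require_oauth` preserves the wrapped function's name, this likely either fails at import with an endpoint-overwrite assertion or silently rebinds the module-level name; renaming it, e.g. `def api_userinfo():`, avoids both. Separately, the handler returns `email` under the single `profile:read` scope and uses `user.username` as `sub`, whereas OpenID Connect expects `sub` to be a stable, never-reassigned identifier and gates the e-mail claim behind its own scope. If LDAP usernames can ever be renamed or reused, relying parties that key accounts on `sub` could attach a session to the wrong person, so confirm that invariant and record it in a comment such as `# sub must stay stable: usernames are never reassigned`.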