Derive token_endpoint_auth_methods_supported from Doorkeeper client_credentials config

Co-authored-by: nbulaj <1443426+nbulaj@users.noreply.github.com>

Author: Copilot

app/controllers/doorkeeper/openid_connect/discovery_controller.rb

@@ -47,7 +47,7 @@ def provider_response
           # TODO: look into doorkeeper-jwt_assertion for these
           #  'client_secret_jwt',
           #  'private_key_jwt'
-          token_endpoint_auth_methods_supported: %w[client_secret_basic client_secret_post],
+          token_endpoint_auth_methods_supported: token_endpoint_auth_methods_supported(doorkeeper),
 
           subject_types_supported: openid_connect.subject_types_supported,
 
@@ -79,6 +79,11 @@ def response_modes_supported(doorkeeper)
         doorkeeper.authorization_response_flows.flat_map(&:response_mode_matches).uniq
       end
 
+      def token_endpoint_auth_methods_supported(doorkeeper)
+        mapping = { from_basic: 'client_secret_basic', from_params: 'client_secret_post' }
+        doorkeeper.client_credentials_methods.filter_map { |method| mapping[method] }
+      end
+
       def code_challenge_methods_supported(doorkeeper)
         return unless doorkeeper.access_grant_model.pkce_supported?
 

spec/controllers/discovery_controller_spec.rb

@@ -158,6 +158,39 @@
       end
     end
 
+    context 'when client_credentials is configured with only from_basic' do
+      before { Doorkeeper.configure { client_credentials :from_basic } }
+
+      it 'returns only client_secret_basic in token_endpoint_auth_methods_supported' do
+        get :provider
+        data = JSON.parse(response.body)
+
+        expect(data['token_endpoint_auth_methods_supported']).to eq %w[client_secret_basic]
+      end
+    end
+
+    context 'when client_credentials is configured with only from_params' do
+      before { Doorkeeper.configure { client_credentials :from_params } }
+
+      it 'returns only client_secret_post in token_endpoint_auth_methods_supported' do
+        get :provider
+        data = JSON.parse(response.body)
+
+        expect(data['token_endpoint_auth_methods_supported']).to eq %w[client_secret_post]
+      end
+    end
+
+    context 'when client_credentials is configured with both from_basic and from_params' do
+      before { Doorkeeper.configure { client_credentials :from_basic, :from_params } }
+
+      it 'returns both client_secret_basic and client_secret_post in token_endpoint_auth_methods_supported' do
+        get :provider
+        data = JSON.parse(response.body)
+
+        expect(data['token_endpoint_auth_methods_supported']).to eq %w[client_secret_basic client_secret_post]
+      end
+    end
+
     context 'when grant_flows is configed with authorization_code and implicit flow' do
       before { Doorkeeper.configure { grant_flows %w[authorization_code implicit_oidc] } }
 

vendor/bundle/ruby/3.2.0/bin/byebug

@@ -0,0 +1,29 @@
+#!/usr/bin/env ruby3.2
+#
+# This file was generated by RubyGems.
+#
+# The application 'byebug' is installed as part of a gem, and
+# this file is here to facilitate running it.
+#
+
+require 'rubygems'
+
+Gem.use_gemdeps
+
+version = ">= 0.a"
+
+str = ARGV.first
+if str
+  str = str.b[/\A_(.*)_\z/, 1]
+  if str and Gem::Version.correct?(str)
+    version = str
+    ARGV.shift
+  end
+end
+
+if Gem.respond_to?(:activate_bin_path)
+load Gem.activate_bin_path('byebug', 'byebug', version)
+else
+gem "byebug", version
+load Gem.bin_path("byebug", "byebug", version)
+end

vendor/bundle/ruby/3.2.0/bin/coderay

@@ -0,0 +1,29 @@
+#!/usr/bin/env ruby3.2
+#
+# This file was generated by RubyGems.
+#
+# The application 'coderay' is installed as part of a gem, and
+# this file is here to facilitate running it.
+#
+
+require 'rubygems'
+
+Gem.use_gemdeps
+
+version = ">= 0.a"
+
+str = ARGV.first
+if str
+  str = str.b[/\A_(.*)_\z/, 1]
+  if str and Gem::Version.correct?(str)
+    version = str
+    ARGV.shift
+  end
+end
+
+if Gem.respond_to?(:activate_bin_path)
+load Gem.activate_bin_path('coderay', 'coderay', version)
+else
+gem "coderay", version
+load Gem.bin_path("coderay", "coderay", version)
+end

vendor/bundle/ruby/3.2.0/bin/conventional-changelog

@@ -0,0 +1,29 @@
+#!/usr/bin/env ruby3.2
+#
+# This file was generated by RubyGems.
+#
+# The application 'conventional-changelog' is installed as part of a gem, and
+# this file is here to facilitate running it.
+#
+
+require 'rubygems'
+
+Gem.use_gemdeps
+
+version = ">= 0.a"
+
+str = ARGV.first
+if str
+  str = str.b[/\A_(.*)_\z/, 1]
+  if str and Gem::Version.correct?(str)
+    version = str
+    ARGV.shift
+  end
+end
+
+if Gem.respond_to?(:activate_bin_path)
+load Gem.activate_bin_path('conventional-changelog', 'conventional-changelog', version)
+else
+gem "conventional-changelog", version
+load Gem.bin_path("conventional-changelog", "conventional-changelog", version)
+end

vendor/bundle/ruby/3.2.0/bin/erb

@@ -0,0 +1,29 @@
+#!/usr/bin/env ruby3.2
+#
+# This file was generated by RubyGems.
+#
+# The application 'erb' is installed as part of a gem, and
+# this file is here to facilitate running it.
+#
+
+require 'rubygems'
+
+Gem.use_gemdeps
+
+version = ">= 0.a"
+
+str = ARGV.first
+if str
+  str = str.b[/\A_(.*)_\z/, 1]
+  if str and Gem::Version.correct?(str)
+    version = str
+    ARGV.shift
+  end
+end
+
+if Gem.respond_to?(:activate_bin_path)
+load Gem.activate_bin_path('erb', 'erb', version)
+else
+gem "erb", version
+load Gem.bin_path("erb", "erb", version)
+end

vendor/bundle/ruby/3.2.0/bin/htmldiff

@@ -0,0 +1,29 @@
+#!/usr/bin/env ruby3.2
+#
+# This file was generated by RubyGems.
+#
+# The application 'diff-lcs' is installed as part of a gem, and
+# this file is here to facilitate running it.
+#
+
+require 'rubygems'
+
+Gem.use_gemdeps
+
+version = ">= 0.a"
+
+str = ARGV.first
+if str
+  str = str.b[/\A_(.*)_\z/, 1]
+  if str and Gem::Version.correct?(str)
+    version = str
+    ARGV.shift
+  end
+end
+
+if Gem.respond_to?(:activate_bin_path)
+load Gem.activate_bin_path('diff-lcs', 'htmldiff', version)
+else
+gem "diff-lcs", version
+load Gem.bin_path("diff-lcs", "htmldiff", version)
+end

vendor/bundle/ruby/3.2.0/bin/irb

@@ -0,0 +1,29 @@
+#!/usr/bin/env ruby3.2
+#
+# This file was generated by RubyGems.
+#
+# The application 'irb' is installed as part of a gem, and
+# this file is here to facilitate running it.
+#
+
+require 'rubygems'
+
+Gem.use_gemdeps
+
+version = ">= 0.a"
+
+str = ARGV.first
+if str
+  str = str.b[/\A_(.*)_\z/, 1]
+  if str and Gem::Version.correct?(str)
+    version = str
+    ARGV.shift
+  end
+end
+
+if Gem.respond_to?(:activate_bin_path)
+load Gem.activate_bin_path('irb', 'irb', version)
+else
+gem "irb", version
+load Gem.bin_path("irb", "irb", version)
+end

vendor/bundle/ruby/3.2.0/bin/ldiff

@@ -0,0 +1,29 @@
+#!/usr/bin/env ruby3.2
+#
+# This file was generated by RubyGems.
+#
+# The application 'diff-lcs' is installed as part of a gem, and
+# this file is here to facilitate running it.
+#
+
+require 'rubygems'
+
+Gem.use_gemdeps
+
+version = ">= 0.a"
+
+str = ARGV.first
+if str
+  str = str.b[/\A_(.*)_\z/, 1]
+  if str and Gem::Version.correct?(str)
+    version = str
+    ARGV.shift
+  end
+end
+
+if Gem.respond_to?(:activate_bin_path)
+load Gem.activate_bin_path('diff-lcs', 'ldiff', version)
+else
+gem "diff-lcs", version
+load Gem.bin_path("diff-lcs", "ldiff", version)
+end

vendor/bundle/ruby/3.2.0/bin/minitest

@@ -0,0 +1,29 @@
+#!/usr/bin/env ruby3.2
+#
+# This file was generated by RubyGems.
+#
+# The application 'minitest' is installed as part of a gem, and
+# this file is here to facilitate running it.
+#
+
+require 'rubygems'
+
+Gem.use_gemdeps
+
+version = ">= 0.a"
+
+str = ARGV.first
+if str
+  str = str.b[/\A_(.*)_\z/, 1]
+  if str and Gem::Version.correct?(str)
+    version = str
+    ARGV.shift
+  end
+end
+
+if Gem.respond_to?(:activate_bin_path)
+load Gem.activate_bin_path('minitest', 'minitest', version)
+else
+gem "minitest", version
+load Gem.bin_path("minitest", "minitest", version)
+end