feat: Implement oauth service and client registration

src/api/client/mod.rs

@@ -16,6 +16,7 @@ pub(super) mod media_legacy;
 pub(super) mod membership;
 pub(super) mod message;
 pub(super) mod mutual_rooms;
+pub(super) mod oauth;
 pub(super) mod openid;
 pub(super) mod presence;
 pub(super) mod profile;
@@ -61,6 +62,7 @@ pub(super) use membership::*;
 pub use membership::{leave_all_rooms, leave_room, remote_leave_room};
 pub(super) use message::*;
 pub(super) use mutual_rooms::*;
+pub(super) use oauth::*;
 pub(super) use openid::*;
 pub(super) use presence::*;
 pub(super) use profile::*;

src/api/client/oauth/mod.rs

@@ -0,0 +1,17 @@
+mod register_client;
+mod server_metadata;
+
+use axum::{
+	Json, Router,
+	routing::method_routing::{get, post},
+};
+use serde_json::json;
+pub(crate) use server_metadata::*;
+
+pub(crate) const BASE_PATH: &str = "/_continuwuity/oauth2/";
+
+pub(crate) fn router() -> Router<crate::State> {
+	Router::new()
+		.route("/client/register", post(register_client::register_client_route))
+		.route("/client/keys.json", get(async || Json(json!({"keys": []}))))
+}

src/api/client/oauth/register_client.rs

@@ -0,0 +1,28 @@
+use axum::{
+	Json,
+	extract::State,
+	response::{IntoResponse, Response},
+};
+use http::StatusCode;
+use serde::Serialize;
+use service::oauth::client_metadata::ClientMetadata;
+
+#[derive(Serialize)]
+struct RegisteredClient {
+	client_id: String,
+	#[serde(flatten)]
+	metadata: ClientMetadata,
+}
+
+pub(crate) async fn register_client_route(
+	State(services): State<crate::State>,
+	Json(metadata): Json<ClientMetadata>,
+) -> Result<Response, Response> {
+	let client_id = services
+		.oauth
+		.register_client(&metadata)
+		.await
+		.map_err(|err| (StatusCode::BAD_REQUEST, err.to_owned()).into_response())?;
+
+	Ok(Json(RegisteredClient { client_id, metadata }).into_response())
+}

src/api/client/oauth/server_metadata.rs

@@ -0,0 +1,34 @@
+use axum::extract::State;
+use conduwuit::Result;
+use ruma::{api::client::discovery::get_authorization_server_metadata, serde::Raw};
+use serde_json::json;
+
+use crate::Ruma;
+
+pub(crate) async fn get_authorization_server_metadata_route(
+	State(services): State<crate::State>,
+	_body: Ruma<get_authorization_server_metadata::v1::Request>,
+) -> Result<get_authorization_server_metadata::v1::Response> {
+	let endpoint_base = services
+		.config
+		.get_client_domain()
+		.join(super::BASE_PATH)
+		.unwrap();
+
+	let metadata = Raw::new(&json!({
+		"authorization_endpoint": endpoint_base.join("grant/authorization_code").unwrap(),
+		"code_challenge_methods_supported": ["S256"],
+		"grant_types_supported": ["authorization_code", "refresh_token"],
+		"issuer": services.config.get_client_domain(),
+		"jwks_uri": endpoint_base.join("client/keys.json").unwrap(),
+		"prompt_values_supported": ["create"],
+		"registration_endpoint": endpoint_base.join("client/register").unwrap(),
+		"response_modes_supported": ["query", "fragment"],
+		"response_types_supported": ["code"],
+		"revocation_endpoint": endpoint_base.join("client/revoke").unwrap(),
+		"token_endpoint": endpoint_base.join("grant/token").unwrap(),
+	}))
+	.unwrap();
+
+	Ok(get_authorization_server_metadata::v1::Response::new(metadata.cast_unchecked()))
+}

src/api/router.rs

@@ -186,6 +186,8 @@ pub fn build(router: Router<State>, server: &Server) -> Router<State> {
 		.ruma_route(&client::well_known_policy_server)
 		.ruma_route(&client::get_rtc_transports)
 		.ruma_route(&client::room_initial_sync_route)
+		.ruma_route(&client::get_authorization_server_metadata_route)
+		.nest(client::oauth::BASE_PATH, client::oauth::router())
 		.route("/_conduwuit/server_version", get(client::conduwuit_server_version))
 		.route("/_continuwuity/server_version", get(client::conduwuit_server_version))
 		.ruma_route(&admin::rooms::ban::ban_room)