ktorio · zibet27 · Jan 30, 2026 · coderabbitai · Jan 30, 2026
diff --git a/...-server-plugins/ktor-server-auth-jwt/jvm/test/io/ktor/server/auth/jwt/JwkDiscoveryTest.kt b/...-server-plugins/ktor-server-auth-jwt/jvm/test/io/ktor/server/auth/jwt/JwkDiscoveryTest.kt
@@ -9,8 +9,6 @@ import com.auth0.jwk.JwkProvider
 import com.auth0.jwk.SigningKeyNotFoundException
 import com.auth0.jwt.JWT
 import com.auth0.jwt.algorithms.Algorithm
-import io.ktor.client.*
-import io.ktor.client.engine.mock.*
 import io.ktor.client.request.*
 import io.ktor.http.*
 import io.ktor.server.auth.*
@@ -19,7 +17,6 @@ import io.ktor.server.engine.*
 import io.ktor.server.response.*
 import io.ktor.server.routing.*
 import io.ktor.server.testing.*
-import kotlinx.coroutines.runBlocking
 import kotlinx.coroutines.test.runTest
 import kotlinx.serialization.SerialName
 import kotlinx.serialization.Serializable
@@ -35,7 +32,6 @@ import java.util.concurrent.atomic.AtomicInteger
 import java.util.concurrent.atomic.AtomicReference
 import kotlin.test.Test
 import kotlin.test.assertEquals
-import kotlin.test.assertFails
 import kotlin.test.assertFailsWith
 import kotlin.time.Duration.Companion.seconds
 
@@ -55,73 +51,6 @@ internal data class JwksKeys(val keys: List<JwksKey>)
 class JwkDiscoveryTest {
     private val discoveryJson = Json { ignoreUnknownKeys = true }
 
-    private fun String.toConfigUrl() = "$this/.well-known/openid-configuration"
-
-    @Test
-    fun testFetchOpenIdConfigurationWithMockProviders() = testApplication {
-        val googleIssuer = "https://accounts.google.com"
-        val auth0Issuer = "https://example.auth0.com"
-        val keycloakIssuer = "https://keycloak.example/realms/demo"
-
-        val responses = mapOf(
-            googleIssuer.toConfigUrl() to OpenIdConfiguration(
-                googleIssuer,
-                jwksUri = "https://www.googleapis.com/oauth2/v3/certs"
-            ),
-            auth0Issuer.toConfigUrl() to OpenIdConfiguration(
-                auth0Issuer,
-                jwksUri = "https://example.auth0.com/.well-known/jwks.json"
-            ),
-            keycloakIssuer.toConfigUrl() to OpenIdConfiguration(
-                keycloakIssuer,
-                jwksUri = "https://keycloak.example/realms/demo/protocol/openid-connect/certs"
-            )
-        ).mapValues { discoveryJson.encodeToString(it.value) }
-
-        val engine = MockEngine { request ->
-            val responseBody =
-                responses[request.url.toString()] ?: return@MockEngine respondError(HttpStatusCode.NotFound)
-            respond(
-                content = responseBody,
-                headers = headersOf(HttpHeaders.ContentType, ContentType.Application.Json.toString())
-            )
-        }
-        val client = HttpClient(engine)
-
-        val googleConfig = client.fetchOpenIdConfiguration(googleIssuer)
-        assertEquals("https://www.googleapis.com/oauth2/v3/certs", googleConfig.jwksUri)
-
-        val auth0Config = client.fetchOpenIdConfiguration(auth0Issuer)
-        assertEquals("https://example.auth0.com/.well-known/jwks.json", auth0Config.jwksUri)
-
-        val keycloakConfig = client.fetchOpenIdConfiguration(keycloakIssuer)
-        assertEquals(
-            "https://keycloak.example/realms/demo/protocol/openid-connect/certs",
-            keycloakConfig.jwksUri
-        )
-    }
-
-    @Test
-    fun testFetchOpenIdConfigurationFails(): Unit = runBlocking {
-        var counter = 0
-        val engine = MockEngine {
-            respond(
-                content = when {
-                    counter++ == 0 -> "not json"
-                    else -> "{}"
-                },
-                headers = headersOf(HttpHeaders.ContentType, ContentType.Application.Json.toString())
-            )
-        }
-        val client = HttpClient(engine) { expectSuccess = false }
-        assertFails {
-            client.fetchOpenIdConfiguration("https://issuer.example")
-        }
-        assertFails {
-            client.fetchOpenIdConfiguration("https://issuer.example")
-        }
-    }
-
     @Test
     fun testJwkDiscoveryRotation() = testApplication {
         val issuer = "https://issuer.example/"
@@ -143,6 +72,8 @@ class JwkDiscoveryTest {
                     validate { JWTPrincipal(it.payload) }
                     openIdConfig = OpenIdConfiguration(
                         issuer = issuer,
+                        authorizationEndpoint = "$issuer/authorize",
+                        tokenEndpoint = "$issuer/token",
                         jwksUri = "$issuer/.well-known/openid-configuration"
                     )
                 }
@@ -203,6 +134,8 @@ class JwkDiscoveryTest {
 
                 val openIdConfig = OpenIdConfiguration(
                     issuer = issuerUrl,
+                    authorizationEndpoint = "$issuerUrl/authorize",
+                    tokenEndpoint = "$issuerUrl/token",
                     jwksUri = "$issuerUrl/jwks"
                 )
 
@@ -279,6 +212,8 @@ class JwkDiscoveryTest {
             val jwkProvider = JwkConfig().apply {
                 openIdConfig = OpenIdConfiguration(
                     issuer = "http://issuer.example",
+                    authorizationEndpoint = "http://issuer.example/authorize",
+                    tokenEndpoint = "http://issuer.example/token",
                     jwksUri = "http://127.0.0.1:$port"
                 )
                 cache(maxEntries = 1, duration = 1.seconds)

diff --git a/ktor-server/ktor-server-plugins/ktor-server-auth/api/ktor-server-auth.api b/ktor-server/ktor-server-plugins/ktor-server-auth/api/ktor-server-auth.api
@@ -485,8 +485,12 @@ public final class io/ktor/server/auth/OAuthGrantTypes {
 
 public final class io/ktor/server/auth/OAuthProcedureKt {
 	public static final fun getOAuthKey ()Ljava/lang/Object;
+	public static final fun oauth (Lio/ktor/server/auth/AuthenticationConfig;Ljava/lang/String;Lio/ktor/server/auth/OpenIdConfiguration;Lkotlin/jvm/functions/Function1;)V
+	public static final fun oauth (Lio/ktor/server/auth/AuthenticationConfig;Ljava/lang/String;Ljava/lang/String;Lio/ktor/server/auth/OpenIdConfiguration;Lkotlin/jvm/functions/Function1;)V
 	public static final fun oauth (Lio/ktor/server/auth/AuthenticationConfig;Ljava/lang/String;Ljava/lang/String;Lkotlin/jvm/functions/Function1;)V
 	public static final fun oauth (Lio/ktor/server/auth/AuthenticationConfig;Ljava/lang/String;Lkotlin/jvm/functions/Function1;)V
+	public static synthetic fun oauth$default (Lio/ktor/server/auth/AuthenticationConfig;Ljava/lang/String;Lio/ktor/server/auth/OpenIdConfiguration;Lkotlin/jvm/functions/Function1;ILjava/lang/Object;)V
+	public static synthetic fun oauth$default (Lio/ktor/server/auth/AuthenticationConfig;Ljava/lang/String;Ljava/lang/String;Lio/ktor/server/auth/OpenIdConfiguration;Lkotlin/jvm/functions/Function1;ILjava/lang/Object;)V
 	public static synthetic fun oauth$default (Lio/ktor/server/auth/AuthenticationConfig;Ljava/lang/String;Ljava/lang/String;Lkotlin/jvm/functions/Function1;ILjava/lang/Object;)V
 	public static synthetic fun oauth$default (Lio/ktor/server/auth/AuthenticationConfig;Ljava/lang/String;Lkotlin/jvm/functions/Function1;ILjava/lang/Object;)V
 	public static final fun staticSettings (Lio/ktor/server/auth/OAuthAuthenticationProvider;)Lio/ktor/server/auth/OAuthServerSettings;
@@ -542,14 +546,29 @@ public final class io/ktor/server/auth/OAuthVersion : java/lang/Enum {
 
 public final class io/ktor/server/auth/OpenIdConfiguration {
 	public static final field Companion Lio/ktor/server/auth/OpenIdConfiguration$Companion;
-	public fun <init> (Ljava/lang/String;Ljava/lang/String;)V
+	public fun <init> (Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/util/List;Ljava/util/List;Ljava/util/List;Ljava/util/List;)V
+	public synthetic fun <init> (Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/util/List;Ljava/util/List;Ljava/util/List;Ljava/util/List;ILkotlin/jvm/internal/DefaultConstructorMarker;)V
 	public final fun component1 ()Ljava/lang/String;
 	public final fun component2 ()Ljava/lang/String;
-	public final fun copy (Ljava/lang/String;Ljava/lang/String;)Lio/ktor/server/auth/OpenIdConfiguration;
-	public static synthetic fun copy$default (Lio/ktor/server/auth/OpenIdConfiguration;Ljava/lang/String;Ljava/lang/String;ILjava/lang/Object;)Lio/ktor/server/auth/OpenIdConfiguration;
+	public final fun component3 ()Ljava/lang/String;
+	public final fun component4 ()Ljava/lang/String;
+	public final fun component5 ()Ljava/lang/String;
+	public final fun component6 ()Ljava/util/List;
+	public final fun component7 ()Ljava/util/List;
+	public final fun component8 ()Ljava/util/List;
+	public final fun component9 ()Ljava/util/List;
+	public final fun copy (Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/util/List;Ljava/util/List;Ljava/util/List;Ljava/util/List;)Lio/ktor/server/auth/OpenIdConfiguration;
+	public static synthetic fun copy$default (Lio/ktor/server/auth/OpenIdConfiguration;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/util/List;Ljava/util/List;Ljava/util/List;Ljava/util/List;ILjava/lang/Object;)Lio/ktor/server/auth/OpenIdConfiguration;
 	public fun equals (Ljava/lang/Object;)Z
+	public final fun getAuthorizationEndpoint ()Ljava/lang/String;
+	public final fun getClaimsSupported ()Ljava/util/List;
 	public final fun getIssuer ()Ljava/lang/String;
 	public final fun getJwksUri ()Ljava/lang/String;
+	public final fun getResponseTypesSupported ()Ljava/util/List;
+	public final fun getScopesSupported ()Ljava/util/List;
+	public final fun getTokenEndpoint ()Ljava/lang/String;
+	public final fun getTokenEndpointAuthMethodsSupported ()Ljava/util/List;
+	public final fun getUserInfoEndpoint ()Ljava/lang/String;
 	public fun hashCode ()I
 	public fun toString ()Ljava/lang/String;
 }
@@ -574,9 +593,6 @@ public final class io/ktor/server/auth/OpenIdConfigurationKt {
 }
 
 public final class io/ktor/server/auth/OpenIdOAuthConfig {
-	public field clientId Ljava/lang/String;
-	public field clientSecret Ljava/lang/String;
-	public field urlProvider Lkotlin/jvm/functions/Function3;
 	public fun <init> (Lio/ktor/server/auth/OpenIdConfiguration;)V
 	public final fun getAccessTokenRequiresBasicAuth ()Z
 	public final fun getClient ()Lio/ktor/client/HttpClient;