From 735b2cd32ef03283a113c976c5f165c2b74c6b3b Mon Sep 17 00:00:00 2001
From: 2underscores
Date: Sun, 27 Jul 2025 21:02:10 +1000
Subject: [PATCH] feat: add OAuth 2.0/OpenID Connect metadata discovery fallback
- Add support for /.well-known/openid-configuration endpoint as fallback to oauth standard .well-known/oauth-authorization-server
- Addresses GitHub discussion #563
---
 client/src/lib/oauth-state-machine.ts | 27 ++++++++++++++++++++++++++-
 1 file changed, 26 insertions(+), 1 deletion(-)
diff --git a/client/src/lib/oauth-state-machine.ts b/client/src/lib/oauth-state-machine.ts
index d87b3ecd6..b71d83cc4 100644
--- a/client/src/lib/oauth-state-machine.ts
+++ b/client/src/lib/oauth-state-machine.ts
@@ -25,6 +25,31 @@ export interface StateTransition {
 execute: (context: StateMachineContext) => Promise;
 }
+/**
+ * Discover OAuth metadata for all industry standard endpoints
+ */
+async function discoverOAuthMetadataWithFallback(authServerUrl: URL): ReturnType {
+ let metadata = await discoverOAuthMetadata(authServerUrl);
+ if (metadata) return metadata;
+
+ // Fallback to OpenID Connect Discovery endpoint
+ // Include both standard OIDC appending to issuer and path, as well as RFC 8414 compatible of inserting between base and existing path
+ const openidConfigUrls = [
+ new URL(`${authServerUrl.origin}${authServerUrl.pathname}/.well-known/openid-configuration`), // OIDC standard
+ new URL(`${authServerUrl.origin}/.well-known/openid-configuration${authServerUrl.pathname}`), // RFC 8414 compatible
+ ];
+
+ for (const url of openidConfigUrls) {
+ try {
+ const response = await fetch(url);
+ metadata = await response.json();
+ if (metadata) return metadata;
+ } catch (e) {
+ console.error(e)
+ }
+ }
+}
+
 // State machine transitions
 export const oauthTransitions: Record = {
 metadata_discovery: {
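Review bot: The fallback loop in `discoverOAuthMetadataWithFallback` returns whatever `response.json()` yields, with no `response.ok` check and no validation of the document, so a JSON error body or a document that names a different issuer is accepted as OAuth metadata and its endpoints then drive the authorization flow. The loop should skip non-2xx responses and require the document's `issuer` to match the issuer that was queried, which RFC 8414 section 3.3 and OIDC Discovery both require; exact normalisation of the trailing slash is a call for the author. The primary `discoverOAuthMetadata` path presumably applies schema validation that is not visible in this hunk, and the fallback result should go through the same check. Separately, `authServerUrl.pathname` is `/` for a root issuer, so the first candidate becomes `//.well-known/openid-configuration` and the second ends in a stray slash; stripping the trailing slash first avoids both.

```typescript
  // … unchanged: primary discoverOAuthMetadata attempt and early return …
  // Drop a trailing slash so a root issuer does not yield "//.well-known/…".
  const issuerPath = authServerUrl.pathname.replace(/\/$/, "");
  const expectedIssuer = `${authServerUrl.origin}${issuerPath}`;
  const openidConfigUrls = [
    new URL(`${expectedIssuer}/.well-known/openid-configuration`), // OIDC standard
    new URL(`${authServerUrl.origin}/.well-known/openid-configuration${issuerPath}`), // RFC 8414 compatible
  ];

  for (const url of openidConfigUrls) {
    try {
      const response = await fetch(url);
      // A 404/500 with a JSON error body must not be treated as metadata.
      if (!response.ok) continue;
      const candidate = await response.json();
      // Only trust the endpoints if the document names the issuer we asked for.
      const claimedIssuer =
        typeof candidate?.issuer === "string" ? candidate.issuer.replace(/\/$/, "") : undefined;
      if (claimedIssuer !== expectedIssuer) continue;
      return candidate;
    } catch (e) {
      console.error(e);
    }
  }
```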
@@ -56,7 +81,7 @@ export const oauthTransitions: Record = {
 resourceMetadata ?? undefined,
 );
- const metadata = await discoverOAuthMetadata(authServerUrl);
+ const metadata = await discoverOAuthMetadataWithFallback(authServerUrl);
 if (!metadata) {
 throw new Error("Failed to discover OAuth metadata");
 }