Add support for OAuth 2.0 Authorization Server Metadata

[emersion]

See https://www.rfc-editor.org/rfc/rfc8414

This allows clients to auto-discover OAuth 2.0 parameters instead of having to hardcode them.

[emersion]

Note, it seems like doorkeeper-openid_connect supports this: doorkeeper-gem/doorkeeper-openid_connect#152

It would still be nice to support the RFC without an additional plugin.

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

[emersion]

Ping

[nbulaj]

Hey @emersion , thanks for the feedback. I think we can add it into Doorkeeper itself, yes, and then reuse in doorkeeper openid_ connect extending default data. Would you mind prepare a PR?

[emersion]

Sounds good. I don't have time for this at the moment, but will keep in my TODO list.

[ThisIsMissEm]

@nbulaj I think I can maybe secure some funding for this work, would you like me to implement it if I can secure that funding? (I'm wanting to implement this in Mastodon)

[ThisIsMissEm]

@emersion we implemented this directly in Mastodon 4.3 via mastodon/mastodon#29191, since I had the funding to implement and didn't receive a response here.

[ThisIsMissEm]

Hey @emersion , thanks for the feedback. I think we can add it into Doorkeeper itself, yes, and then reuse in doorkeeper openid_ connect extending default data. Would you mind prepare a PR?

@nbulaj keep in mind that .well-known/oauth-authorization-server and .well-known/openid-configuration are different specifications; They're very similar but different.