Update to handle basic auth for gittea compatibility

app/Http/Controllers/OIDCController.php

@@ -27,10 +27,10 @@ class OIDCController extends Controller
         }
 
         $user = auth()->user();
-        
+
         // Check if user has auto-approval enabled and has previously authorized this app
         $hasAuthorizedBefore = $user->tokens()->where('application_id', $client->id)->exists();
-        
+
         if ($user->auto_approve_apps && $hasAuthorizedBefore) {
             // Auto-approve: generate code and redirect directly
             $code = Str::random(40);
@@ -83,7 +83,14 @@ class OIDCController extends Controller
         // whatever comes in the request
         $client = Application::findOrFail($payload['client_id']);
 
+        // Support basic auth. Sometimes the ID and secret might
+        // come in the header since it's TECHNICALLY part
+        // of the oauth spec
+        $client_id = $request->client_id ?? $request->getUser();
+        $client_secret = $request->client_secret ?? $request->getPassword();
+
         if ($request->has('code_verifier')) {
+
             // PKCE validation
             $verifier = $request->code_verifier;
             $method = $payload['code_challenge_method'] ?? 'plain';
@@ -97,13 +104,14 @@ class OIDCController extends Controller
             if (!$valid) {
                 abort(403, 'Invalid PKCE code_verifier');
             }
-        } elseif ($request->has('client_id') && $request->has('client_secret')) {
+        } elseif (!empty($client_id) && !empty($client_secret)) {
             // Client credentials validation
-            if ($request->client_id !== $client->client_id) {
+            if ($client_id !== $client->client_id) {
                 abort(403, 'Client ID mismatch');
             }
 
-            if (!hash_equals($client->client_secret, $request->client_secret)) {
+
+            if (!hash_equals($client_secret, $client->client_secret)) {
                 abort(403, 'Invalid client secret');
             }
         } else {
@@ -183,11 +191,11 @@ class OIDCController extends Controller
         // if (!$token || $token->expires_at->isPast()) {
         //     return response()->json(['error' => 'invalid_token'], 401);
         // }
-        
+
         if (empty($token)) {
             return response()->json(['error' => 'invalid_token'], 401);
         }
-        
+
         $user = $token->user;
         if (empty($user)) {
             return response()->json(['error' => 'invalid_token'], 401);

resources/views/livewire/app-info-modal.blade.php

@@ -38,7 +38,7 @@
             <div x-show="!dockerView" class="space-y-4">
                 <flux:input label="Client ID" disabled value="{{$app->client_id}}" copyable />
                 <flux:input label="Client Secret" disabled value="{{$app->client_secret}}" copyable />
-                <flux:input label="Redirect URI" disabled value="{{$app->redirect_uri}}" copyable />
+                <flux:input label="OIDC Discovery" disabled value="{{route('auth.openid-configuration')}}" copyable />
                 <flux:input label="Authorization Endpoint" disabled value="{{route('auth.authorize')}}" copyable />
                 <flux:input label="Token Endpoint" disabled value="{{route('auth.token')}}" copyable />
                 <flux:input label="User Endpoint" disabled value="{{route('auth.userinfo')}}" copyable />

resources/views/livewire/consent-screen.blade.php

@@ -1,5 +1,5 @@
 <div class="flex max-w-xl mx-auto min-h-svh flex-col items-center justify-center gap-6 p-6 md:p-10">
-    <x-card>
+    <x-card class="p-10">
         <flux:heading>You're about to log into</flux:heading>
         <flux:heading size="xl">{{ $client->name }}</flux:heading>
         <flux:separator />