Add userinfo oauth endpoint (#32548)

app/controllers/oauth/userinfo_controller.rb

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+class Oauth::UserinfoController < Api::BaseController
+  before_action -> { doorkeeper_authorize! :profile }, only: [:show]
+  before_action :require_user!
+
+  def show
+    @account = current_account
+    render json: @account, serializer: OauthUserinfoSerializer
+  end
+end

app/presenters/oauth_metadata_presenter.rb

@@ -26,6 +26,10 @@ class OauthMetadataPresenter < ActiveModelSerializers::Model
     oauth_token_url
   end
 
+  def userinfo_endpoint
+    oauth_userinfo_url
+  end
+
   # As the api_v1_apps route doesn't technically conform to the specification
   # for OAuth 2.0 Dynamic Client Registration defined in RFC 7591 we use a
   # non-standard property for now to indicate the mastodon specific registration

app/serializers/oauth_metadata_serializer.rb

@@ -2,7 +2,7 @@
 
 class OauthMetadataSerializer < ActiveModel::Serializer
   attributes :issuer, :authorization_endpoint, :token_endpoint,
-             :revocation_endpoint, :scopes_supported,
+             :revocation_endpoint, :userinfo_endpoint, :scopes_supported,
              :response_types_supported, :response_modes_supported,
              :grant_types_supported, :token_endpoint_auth_methods_supported,
              :code_challenge_methods_supported,

app/serializers/oauth_userinfo_serializer.rb

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+class OauthUserinfoSerializer < ActiveModel::Serializer
+  include RoutingHelper
+
+  attributes :iss, :sub, :name, :preferred_username, :profile, :picture
+
+  def iss
+    root_url
+  end
+
+  def sub
+    ActivityPub::TagManager.instance.uri_for(object)
+  end
+
+  def name
+    object.display_name
+  end
+
+  def preferred_username
+    object.username
+  end
+
+  def profile
+    ActivityPub::TagManager.instance.url_for(object)
+  end
+
+  def picture
+    full_asset_url(object.avatar_original_url)
+  end
+end