comparison mod_http_oauth2/mod_http_oauth2.lua @ 5797:03477980f1a9
mod_http_oauth2: Improve registration schema documentation parts
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Thu, 21 Dec 2023 18:26:42 +0100 |
parents | 93d6e9026c1b |
children | fdf3056021dc |
5796:93d6e9026c1b | 5797:03477980f1a9 |
---|---|
1196 return 200; | 1196 return 200; |
1197 end | 1197 end |
1198 | 1198 |
1199 local registration_schema = { | 1199 local registration_schema = { |
1200 title = "OAuth 2.0 Dynamic Client Registration Protocol"; | 1200 title = "OAuth 2.0 Dynamic Client Registration Protocol"; |
1201 description = "This endpoint allows dynamically registering an OAuth 2.0 client."; | |
1201 type = "object"; | 1202 type = "object"; |
1202 required = { | 1203 required = { |
1203 -- These are shown to users in the template | 1204 -- These are shown to users in the template |
1204 "client_name"; | 1205 "client_name"; |
1205 "client_uri"; | 1206 "client_uri"; |
1210 redirect_uris = { | 1211 redirect_uris = { |
1211 title = "List of Redirect URIs"; | 1212 title = "List of Redirect URIs"; |
1212 type = "array"; | 1213 type = "array"; |
1213 minItems = 1; | 1214 minItems = 1; |
1214 uniqueItems = true; | 1215 uniqueItems = true; |
1215 items = { title = "Redirect URI"; type = "string"; format = "uri" }; | 1216 items = { |
1217 title = "Redirect URI"; | |
1218 type = "string"; | |
1219 format = "uri"; | |
1220 examples = { | |
1221 "https://app.example.com/redirect"; | |
1222 "http://localhost:8080/redirect"; | |
1223 "com.example.app:/redirect"; | |
1224 oob_uri; | |
1225 device_uri; | |
1226 }; | |
1227 }; | |
1216 }; | 1228 }; |
1217 token_endpoint_auth_method = { | 1229 token_endpoint_auth_method = { |
1218 title = "Token Endpoint Authentication Method"; | 1230 title = "Token Endpoint Authentication Method"; |
1231 description = "Authentication method the client intends to use. Recommended is `client_secret_basic`. \z | |
1232 `none` is only allowed for use with the insecure Implicit flow."; | |
1219 type = "string"; | 1233 type = "string"; |
1220 enum = { "none"; "client_secret_post"; "client_secret_basic" }; | 1234 enum = { "none"; "client_secret_post"; "client_secret_basic" }; |
1221 default = "client_secret_basic"; | 1235 default = "client_secret_basic"; |
1222 }; | 1236 }; |
1223 grant_types = { | 1237 grant_types = { |
1224 title = "Grant Types"; | 1238 title = "Grant Types"; |
1239 description = "List of grant types the client intends to use."; | |
1225 type = "array"; | 1240 type = "array"; |
1226 minItems = 1; | 1241 minItems = 1; |
1227 uniqueItems = true; | 1242 uniqueItems = true; |
1228 items = { | 1243 items = { |
1229 type = "string"; | 1244 type = "string"; |
1241 default = { "authorization_code" }; | 1256 default = { "authorization_code" }; |
1242 }; | 1257 }; |
1243 application_type = { | 1258 application_type = { |
1244 title = "Application Type"; | 1259 title = "Application Type"; |
1245 description = "Determines which kinds of redirect URIs the client may register. \z | 1260 description = "Determines which kinds of redirect URIs the client may register. \z |
1246 The value 'web' limits the client to https:// URLs with the same hostname as in 'client_uri' \z | 1261 The value `web` limits the client to `https://` URLs with the same hostname as \z |
1247 while the value 'native' allows either loopback http:// URLs or application specific URIs."; | 1262 in `client_uri` while the value `native` allows either loopback URLs like \z |
1263 `http://localhost:8080/` or application specific URIs like `com.example.app:/redirect`."; | |
1248 type = "string"; | 1264 type = "string"; |
1249 enum = { "native"; "web" }; | 1265 enum = { "native"; "web" }; |
1250 default = "web"; | 1266 default = "web"; |
1251 }; | 1267 }; |
1252 response_types = { | 1268 response_types = { |
1262 description = "Human-readable name of the client, presented to the user in the consent dialog."; | 1278 description = "Human-readable name of the client, presented to the user in the consent dialog."; |
1263 type = "string"; | 1279 type = "string"; |
1264 }; | 1280 }; |
1265 client_uri = { | 1281 client_uri = { |
1266 title = "Client URL"; | 1282 title = "Client URL"; |
1267 description = "Should be an link to a page with information about the client."; | 1283 description = "Should be an link to a page with information about the client. \z |
1284 The hostname in this URL must be the same as in every other '_uri' property."; | |
1268 type = "string"; | 1285 type = "string"; |
1269 format = "uri"; | 1286 format = "uri"; |
1270 pattern = "^https:"; | 1287 pattern = "^https:"; |
1288 examples = { "https://app.example.com/" }; | |
1271 }; | 1289 }; |
1272 logo_uri = { | 1290 logo_uri = { |
1273 title = "Logo URL"; | 1291 title = "Logo URL"; |
1274 description = "URL to the clients logotype (not currently used)."; | 1292 description = "URL to the clients logotype (not currently used)."; |
1275 type = "string"; | 1293 type = "string"; |
1276 format = "uri"; | 1294 format = "uri"; |
1277 pattern = "^https:"; | 1295 pattern = "^https:"; |
1296 examples = { "https://app.example.com/appicon.png" }; | |
1278 }; | 1297 }; |
1279 scope = { | 1298 scope = { |
1280 title = "Scopes"; | 1299 title = "Scopes"; |
1281 description = "Space-separated list of scopes the client promises to restrict itself to."; | 1300 description = "Space-separated list of scopes the client promises to restrict itself to."; |
1282 type = "string"; | 1301 type = "string"; |
1302 examples = { "openid xmpp" }; | |
1283 }; | 1303 }; |
1284 contacts = { | 1304 contacts = { |
1285 title = "Contact Addresses"; | 1305 title = "Contact Addresses"; |
1286 description = "Addresses, typically email or URLs where the client developers can be contacted."; | 1306 description = "Addresses, typically email or URLs where the client developers can be contacted."; |
1287 type = "array"; | 1307 type = "array"; |
1289 items = { type = "string"; format = "email" }; | 1309 items = { type = "string"; format = "email" }; |
1290 }; | 1310 }; |
1291 tos_uri = { | 1311 tos_uri = { |
1292 title = "Terms of Service URL"; | 1312 title = "Terms of Service URL"; |
1293 description = "Link to Terms of Service for the client, presented to the user in the consent dialog. \z | 1313 description = "Link to Terms of Service for the client, presented to the user in the consent dialog. \z |
1294 MUST be a https:// URL with hostname matching that of 'client_uri'."; | 1314 MUST be a `https://` URL with hostname matching that of `client_uri`."; |
1295 type = "string"; | 1315 type = "string"; |
1296 format = "uri"; | 1316 format = "uri"; |
1297 pattern = "^https:"; | 1317 pattern = "^https:"; |
1318 examples = { "https://app.example.com/tos.html" }; | |
1298 }; | 1319 }; |
1299 policy_uri = { | 1320 policy_uri = { |
1300 title = "Privacy Policy URL"; | 1321 title = "Privacy Policy URL"; |
1301 description = "Link to a Privacy Policy for the client. MUST be a https:// URL with hostname matching that of 'client_uri'."; | 1322 description = "Link to a Privacy Policy for the client. MUST be a `https://` URL with hostname matching that of `client_uri`."; |
1302 type = "string"; | 1323 type = "string"; |
1303 format = "uri"; | 1324 format = "uri"; |
1304 pattern = "^https:"; | 1325 pattern = "^https:"; |
1326 examples = { "https://app.example.com/policy.pdf" }; | |
1305 }; | 1327 }; |
1306 software_id = { | 1328 software_id = { |
1307 title = "Software ID"; | 1329 title = "Software ID"; |
1308 description = "Unique identifier for the client software, common for all instances. Typically an UUID."; | 1330 description = "Unique identifier for the client software, common for all instances. Typically an UUID."; |
1309 type = "string"; | 1331 type = "string"; |
1312 software_version = { | 1334 software_version = { |
1313 title = "Software Version"; | 1335 title = "Software Version"; |
1314 description = "Version of the client software being registered. \z | 1336 description = "Version of the client software being registered. \z |
1315 E.g. to allow revoking all related tokens in the event of a security incident."; | 1337 E.g. to allow revoking all related tokens in the event of a security incident."; |
1316 type = "string"; | 1338 type = "string"; |
1317 example = "2.3.1"; | 1339 examples = { "2.3.1" }; |
1318 }; | 1340 }; |
1319 }; | 1341 }; |
1320 } | 1342 } |
1321 | 1343 |
1322 -- Limit per-locale fields to allowed locales, partly to keep size of client_id | 1344 -- Limit per-locale fields to allowed locales, partly to keep size of client_id |
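Review bot: The new `redirect_uris` examples (new lines 1220-1226) and the rewritten `application_type` description (new lines 1262-1263) present `http://localhost:8080/...` as the model loopback redirect, whereas RFC 8252 section 8.3 marks `localhost` as NOT RECOMMENDED in favour of a loopback IP literal, because the name is not guaranteed to resolve or bind only to the loopback interface. Since client developers will copy these strings from the published schema, I would change the example to `"http://127.0.0.1:8080/redirect";` and the description's loopback sample to `http://127.0.0.1:8080/`, assuming the registration validator, which is not visible in this comparison, accepts IP-literal loopbacks. Separately, the added `token_endpoint_auth_method` description says `none` is only allowed with the Implicit flow, but the schema beside it still lists `none` in `enum` with no condition, so that restriction has to be enforced in code outside these hunks; it is worth confirming that it is. `registration_schema` is shown with collapsed context, so parts of the table are not visible here.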