comparison mod_http_oauth2/mod_http_oauth2.lua @ 5192:03aa9baa9ac3

mod_http_oauth2: Add support for 'iss' authz response parameter (RFC 9207)
author Matthew Wild <mwild1@gmail.com>
date Fri, 03 Mar 2023 19:21:38 +0000
parents f5a58cbe86e4
children 2bb29ece216b
comparison
equal deleted inserted replaced
5191:f5a58cbe86e4 5192:03aa9baa9ac3
135 135
136 local redirect = url.parse(redirect_uri); 136 local redirect = url.parse(redirect_uri);
137 137
138 local query = http.formdecode(redirect.query or ""); 138 local query = http.formdecode(redirect.query or "");
139 if type(query) ~= "table" then query = {}; end 139 if type(query) ~= "table" then query = {}; end
140 table.insert(query, { name = "code", value = code }) 140 table.insert(query, { name = "code", value = code });
141 table.insert(query, { name = "iss", value = module:http_url(nil, "/") });
141 if params.state then 142 if params.state then
142 table.insert(query, { name = "state", value = params.state }); 143 table.insert(query, { name = "state", value = params.state });
143 end 144 end
144 redirect.query = http.formencode(query); 145 redirect.query = http.formencode(query);
145 146
386 token_endpoint = module:http_url() .. "/token"; 387 token_endpoint = module:http_url() .. "/token";
387 jwks_uri = nil; -- TODO? 388 jwks_uri = nil; -- TODO?
388 registration_endpoint = nil; -- TODO 389 registration_endpoint = nil; -- TODO
389 scopes_supported = { "prosody:restricted"; "prosody:user"; "prosody:admin"; "prosody:operator" }; 390 scopes_supported = { "prosody:restricted"; "prosody:user"; "prosody:admin"; "prosody:operator" };
390 response_types_supported = { "code"; "token" }; 391 response_types_supported = { "code"; "token" };
392 authorization_response_iss_parameter_supported = true;
391 }; 393 };
392 }; 394 };
393 }; 395 };
394 }); 396 });
395 397