comparison mod_http_oauth2/mod_http_oauth2.lua @ 5221:22483cfce3ce

mod_http_oauth2: Reflect ALL attributes of the client registration Per RFC 7591: "Additionally, the authorization server MUST return all registered metadata about this client, including any fields provisioned by the authorization server itself." The idea is that the server may replace/drop fields in the registration, so what gets reflected back to the client is the source of truth about the registration.
author Matthew Wild <mwild1@gmail.com>
date Tue, 07 Mar 2023 14:52:43 +0000
parents 25e824f64fd3
children 578a72982bb2
5220:d03448560acf 5221:22483cfce3ce
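--- a/mod_http_oauth2/mod_http_oauth2.lua
+++ b/mod_http_oauth2/mod_http_oauth2.lua
@@ -562,24 +562,23 @@
 
 -- Do we want to keep everything?
 local client_id = jwt_sign(client_metadata);
 local client_secret = make_secret(client_id);
 
-local client_desc = {
-client_id = client_id;
-client_secret = client_secret;
-client_id_issued_at = os.time();
-client_secret_expires_at = 0;
-}
+client_metadata.client_id = client_id;
+client_metadata.client_secret = client_secret;
+client_metadata.client_id_issued_at = os.time();
+client_metadata.client_secret_expires_at = 0;
+
 if not registration_options.accept_expired then
-client_desc.client_secret_expires_at = client_desc.client_id_issued_at + (registration_options.default_ttl or 3600);
+client_metadata.client_secret_expires_at = client_metadata.client_id_issued_at + (registration_options.default_ttl or 3600);
 end
 
 return {
 status_code = 201;
 headers = { content_type = "application/json" };
-body = json.encode(client_metadata);
+body = json.encode(client_metadata);
 };
 end
 
 if not registration_key then
 module:log("info", "No 'oauth2_registration_key', dynamic client registration disabled")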