Mercurial > prosody-modules
comparison mod_http_oauth2/README.markdown @ 5506:37621c6e5c08
mod_http_oauth2: Restructure description of client metadata requirements
Previously quite a compact block of text, maybe this is easier to read.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Thu, 01 Jun 2023 19:55:36 +0200 |
| parents | efe9e741f222 |
| children | 209299fd81e1 |
comparison
equal
deleted
inserted
replaced
| 5505:efe9e741f222 | 5506:37621c6e5c08 |
|---|---|
| 111 [RFC7591](https://www.rfc-editor.org/rfc/rfc7591.html). | 111 [RFC7591](https://www.rfc-editor.org/rfc/rfc7591.html). |
| 112 | 112 |
| 113 In addition to the requirements in the RFC, the following requirements | 113 In addition to the requirements in the RFC, the following requirements |
| 114 are enforced: | 114 are enforced: |
| 115 | 115 |
| 116 - `client_name` and `client_uri` **MUST** be present. | 116 `client_name` |
| 117 - `client_uri` **MUST** be a `https://` URL. | 117 : **MUST** be present, is shown to users in consent screen. |
| 118 - `redirect_uris` **MUST** contain at least one valid URI. | 118 |
| 119 - If `application_type` equals `web` (or is not included) then all | 119 `client_uri` |
| 120 `redirect_uris` **MUST** be `https://` URIs and **MUST** use the | 120 : **MUST** be present and **MUST** be a `https://` URL. |
| 121 same hostname part as the `client_uri`. | 121 |
| 122 - If `application_type` equals `native` then all `redirect_uris` | 122 `redirect_uris` |
| 123 **MUST** match one of: | 123 |
| 124 - Loopback HTTP URI, e.g. `http://127.0.0.1/` or `http://[::1]` | 124 : **MUST** contain at least one valid URI. Different rules apply |
| 125 - Application-specific scheme, e.g. `com.example.app:/` | 125 depending on the value of `application_type`: |
| 126 - The special OOB URI `urn:ietf:wg:oauth:2.0:oob` | 126 |
| 127 - Informative URIs such as policy and terms of service **MUST** use | 127 `web` |
| 128 the same scheme (i.e. `https://`) and hostname as the `client_uri`. | 128 : `redirect_uris` **MUST** match one of: - Loopback HTTP URI, |
| 129 e.g. `http://127.0.0.1/` or `http://[::1]` - | |
| 130 Application-specific scheme, e.g. `com.example.app:/` - The | |
| 131 special OOB URI `urn:ietf:wg:oauth:2.0:oob` | |
| 132 | |
| 133 `application_type` | |
| 134 | |
| 135 : Optional, defaults to `web`. Determines further restrictions for | |
| 136 `redirect_uris`. The following values are supported: | |
| 137 | |
| 138 `web` *(default)* | |
| 139 : For web clients. | |
| 140 | |
| 141 `native` | |
| 142 : For native e.g. desktop clients etc. | |
| 143 | |
| 144 `tos_uri`, `policy_uri` | |
| 145 : Informative URLs pointing to Terms of Service and Service Policy | |
| 146 document **MUST** use the same scheme (i.e. `https://`) and hostname | |
| 147 as the `client_uri`. | |
| 129 | 148 |
| 130 #### Registration Example | 149 #### Registration Example |
| 131 | 150 |
| 132 In short registration works by POST-ing a JSON structure describing your | 151 In short registration works by POST-ing a JSON structure describing your |
| 133 client to an endpoint: | 152 client to an endpoint: |