comparison mod_http_oauth2/mod_http_oauth2.lua @ 5480:5108f63e762b

mod_http_oauth2: Allow CORS for browser clients Needed for web clients to reach i.e. the token endpoint.
author Kim Alvefur <zash@zash.se>
date Thu, 18 May 2023 14:51:48 +0200
parents 30e2722c9fa3
children 7998b49d6512
comparison
equal deleted inserted replaced
5479:30e2722c9fa3 5480:5108f63e762b
1023 }; 1023 };
1024 end 1024 end
1025 1025
1026 module:depends("http"); 1026 module:depends("http");
1027 module:provides("http", { 1027 module:provides("http", {
1028 cors = { enabled = true; credentials = true };
1028 route = { 1029 route = {
1029 -- OAuth 2.0 in 5 simple steps! 1030 -- OAuth 2.0 in 5 simple steps!
1030 -- This is the normal 'authorization_code' flow. 1031 -- This is the normal 'authorization_code' flow.
1031 1032
1032 -- Step 1. Create OAuth client 1033 -- Step 1. Create OAuth client
1087 -- OIDC Discovery 1088 -- OIDC Discovery
1088 1089
1089 module:provides("http", { 1090 module:provides("http", {
1090 name = "oauth2-discovery"; 1091 name = "oauth2-discovery";
1091 default_path = "/.well-known/oauth-authorization-server"; 1092 default_path = "/.well-known/oauth-authorization-server";
1093 cors = { enabled = true };
1092 route = { 1094 route = {
1093 ["GET"] = { 1095 ["GET"] = {
1094 headers = { content_type = "application/json" }; 1096 headers = { content_type = "application/json" };
1095 body = json.encode { 1097 body = json.encode {
1096 -- RFC 8414: OAuth 2.0 Authorization Server Metadata 1098 -- RFC 8414: OAuth 2.0 Authorization Server Metadata