Mercurial > prosody-modules
comparison mod_http_oauth2/mod_http_oauth2.lua @ 5598:b496ebc12aed
mod_http_oauth2: Add titles and descriptions to registration schema
Since it is exposed publicly, it can serve as documentation.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Fri, 14 Jul 2023 16:04:11 +0200 |
| parents | 7040d0772758 |
| children | 17aa3bac7f3a |
comparison
equal
deleted
inserted
replaced
| 5597:5ade45d93908 | 5598:b496ebc12aed |
|---|---|
| 1056 end | 1056 end |
| 1057 return 200; | 1057 return 200; |
| 1058 end | 1058 end |
| 1059 | 1059 |
| 1060 local registration_schema = { | 1060 local registration_schema = { |
| 1061 title = "OAuth 2.0 Dynamic Client Registration Protocol"; | |
| 1061 type = "object"; | 1062 type = "object"; |
| 1062 required = { | 1063 required = { |
| 1063 -- These are shown to users in the template | 1064 -- These are shown to users in the template |
| 1064 "client_name"; | 1065 "client_name"; |
| 1065 "client_uri"; | 1066 "client_uri"; |
| 1066 -- We need at least one redirect URI for things to work | 1067 -- We need at least one redirect URI for things to work |
| 1067 "redirect_uris"; | 1068 "redirect_uris"; |
| 1068 }; | 1069 }; |
| 1069 properties = { | 1070 properties = { |
| 1070 redirect_uris = { type = "array"; minItems = 1; uniqueItems = true; items = { type = "string"; format = "uri" } }; | 1071 redirect_uris = { |
| 1072 title = "List of Redirect URIs"; | |
| 1073 type = "array"; | |
| 1074 minItems = 1; | |
| 1075 uniqueItems = true; | |
| 1076 items = { title = "Redirect URI"; type = "string"; format = "uri" }; | |
| 1077 }; | |
| 1071 token_endpoint_auth_method = { | 1078 token_endpoint_auth_method = { |
| 1079 title = "Token Endpoint Authentication Method"; | |
| 1072 type = "string"; | 1080 type = "string"; |
| 1073 enum = { "none"; "client_secret_post"; "client_secret_basic" }; | 1081 enum = { "none"; "client_secret_post"; "client_secret_basic" }; |
| 1074 default = "client_secret_basic"; | 1082 default = "client_secret_basic"; |
| 1075 }; | 1083 }; |
| 1076 grant_types = { | 1084 grant_types = { |
| 1085 title = "Grant Types"; | |
| 1077 type = "array"; | 1086 type = "array"; |
| 1078 minItems = 1; | 1087 minItems = 1; |
| 1079 uniqueItems = true; | 1088 uniqueItems = true; |
| 1080 items = { | 1089 items = { |
| 1081 type = "string"; | 1090 type = "string"; |
| 1090 device_uri; | 1099 device_uri; |
| 1091 }; | 1100 }; |
| 1092 }; | 1101 }; |
| 1093 default = { "authorization_code" }; | 1102 default = { "authorization_code" }; |
| 1094 }; | 1103 }; |
| 1095 application_type = { type = "string"; enum = { "native"; "web" }; default = "web" }; | 1104 application_type = { |
| 1105 title = "Application Type"; | |
| 1106 description = "Determines which kinds of redirect URIs the client may register. \z | |
| 1107 The value 'web' limits the client to https:// URLs with the same hostname as in 'client_uri' \z | |
| 1108 while the value 'native' allows either loopback http:// URLs or application specific URIs."; | |
| 1109 type = "string"; | |
| 1110 enum = { "native"; "web" }; | |
| 1111 default = "web"; | |
| 1112 }; | |
| 1096 response_types = { | 1113 response_types = { |
| 1114 title = "Response Types"; | |
| 1097 type = "array"; | 1115 type = "array"; |
| 1098 minItems = 1; | 1116 minItems = 1; |
| 1099 uniqueItems = true; | 1117 uniqueItems = true; |
| 1100 items = { type = "string"; enum = { "code"; "token" } }; | 1118 items = { type = "string"; enum = { "code"; "token" } }; |
| 1101 default = { "code" }; | 1119 default = { "code" }; |
| 1102 }; | 1120 }; |
| 1103 client_name = { type = "string" }; | 1121 client_name = { |
| 1104 client_uri = { type = "string"; format = "uri"; pattern = "^https:" }; | 1122 title = "Client Name"; |
| 1105 logo_uri = { type = "string"; format = "uri"; pattern = "^https:" }; | 1123 description = "Human-readable name of the client, presented to the user in the consent dialog."; |
| 1106 scope = { type = "string" }; | 1124 type = "string"; |
| 1107 contacts = { type = "array"; minItems = 1; items = { type = "string"; format = "email" } }; | 1125 }; |
| 1108 tos_uri = { type = "string"; format = "uri"; pattern = "^https:" }; | 1126 client_uri = { |
| 1109 policy_uri = { type = "string"; format = "uri"; pattern = "^https:" }; | 1127 title = "Client URL"; |
| 1110 software_id = { type = "string"; format = "uuid" }; | 1128 description = "Should be an link to a page with information about the client."; |
| 1111 software_version = { type = "string" }; | 1129 type = "string"; |
| 1130 format = "uri"; | |
| 1131 pattern = "^https:"; | |
| 1132 }; | |
| 1133 logo_uri = { | |
| 1134 title = "Logo URL"; | |
| 1135 description = "URL to the clients logotype (not currently used)."; | |
| 1136 type = "string"; | |
| 1137 format = "uri"; | |
| 1138 pattern = "^https:"; | |
| 1139 }; | |
| 1140 scope = { | |
| 1141 title = "Scopes"; | |
| 1142 description = "Space-separated list of scopes the client promises to restrict itself to."; | |
| 1143 type = "string"; | |
| 1144 }; | |
| 1145 contacts = { | |
| 1146 title = "Contact Addresses"; | |
| 1147 description = "Addresses, typically email or URLs where the client developers can be contacted."; | |
| 1148 type = "array"; | |
| 1149 minItems = 1; | |
| 1150 items = { type = "string"; format = "email" }; | |
| 1151 }; | |
| 1152 tos_uri = { | |
| 1153 title = "Terms of Service URL"; | |
| 1154 description = "Link to Terms of Service for the client, presented to the user in the consent dialog. \z | |
| 1155 MUST be a https:// URL with hostname matching that of 'client_uri'."; | |
| 1156 type = "string"; | |
| 1157 format = "uri"; | |
| 1158 pattern = "^https:"; | |
| 1159 }; | |
| 1160 policy_uri = { | |
| 1161 title = "Privacy Policy URL"; | |
| 1162 description = "Link to a Privacy Policy for the client. MUST be a https:// URL with hostname matching that of 'client_uri'."; | |
| 1163 type = "string"; | |
| 1164 format = "uri"; | |
| 1165 pattern = "^https:"; | |
| 1166 }; | |
| 1167 software_id = { | |
| 1168 title = "Software ID"; | |
| 1169 description = "Unique identifier for the client software, common for all instances. Typically an UUID."; | |
| 1170 type = "string"; | |
| 1171 format = "uuid"; | |
| 1172 }; | |
| 1173 software_version = { | |
| 1174 title = "Software Version"; | |
| 1175 description = "Version of the software creating being registered. \z | |
| 1176 E.g. to allow revoking all related tokens in the event of a security incident."; | |
| 1177 type = "string"; | |
| 1178 example = "2.3.1"; | |
| 1179 }; | |
| 1112 }; | 1180 }; |
| 1113 } | 1181 } |
| 1114 | 1182 |
| 1115 -- Limit per-locale fields to allowed locales, partly to keep size of client_id | 1183 -- Limit per-locale fields to allowed locales, partly to keep size of client_id |
| 1116 -- down, partly because we don't yet use them for anything. | 1184 -- down, partly because we don't yet use them for anything. |