comparison mod_http_oauth2/mod_http_oauth2.lua @ 5598:b496ebc12aed
mod_http_oauth2: Add titles and descriptions to registration schema
Since it is exposed publicly, it can serve as documentation.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Fri, 14 Jul 2023 16:04:11 +0200 |
parents | 7040d0772758 |
children | 17aa3bac7f3a |
5597:5ade45d93908 | 5598:b496ebc12aed |
---|---|
1056 end | 1056 end |
1057 return 200; | 1057 return 200; |
1058 end | 1058 end |
1059 | 1059 |
1060 local registration_schema = { | 1060 local registration_schema = { |
1061 title = "OAuth 2.0 Dynamic Client Registration Protocol"; | |
1061 type = "object"; | 1062 type = "object"; |
1062 required = { | 1063 required = { |
1063 -- These are shown to users in the template | 1064 -- These are shown to users in the template |
1064 "client_name"; | 1065 "client_name"; |
1065 "client_uri"; | 1066 "client_uri"; |
1066 -- We need at least one redirect URI for things to work | 1067 -- We need at least one redirect URI for things to work |
1067 "redirect_uris"; | 1068 "redirect_uris"; |
1068 }; | 1069 }; |
1069 properties = { | 1070 properties = { |
1070 redirect_uris = { type = "array"; minItems = 1; uniqueItems = true; items = { type = "string"; format = "uri" } }; | 1071 redirect_uris = { |
1072 title = "List of Redirect URIs"; | |
1073 type = "array"; | |
1074 minItems = 1; | |
1075 uniqueItems = true; | |
1076 items = { title = "Redirect URI"; type = "string"; format = "uri" }; | |
1077 }; | |
1071 token_endpoint_auth_method = { | 1078 token_endpoint_auth_method = { |
1079 title = "Token Endpoint Authentication Method"; | |
1072 type = "string"; | 1080 type = "string"; |
1073 enum = { "none"; "client_secret_post"; "client_secret_basic" }; | 1081 enum = { "none"; "client_secret_post"; "client_secret_basic" }; |
1074 default = "client_secret_basic"; | 1082 default = "client_secret_basic"; |
1075 }; | 1083 }; |
1076 grant_types = { | 1084 grant_types = { |
1085 title = "Grant Types"; | |
1077 type = "array"; | 1086 type = "array"; |
1078 minItems = 1; | 1087 minItems = 1; |
1079 uniqueItems = true; | 1088 uniqueItems = true; |
1080 items = { | 1089 items = { |
1081 type = "string"; | 1090 type = "string"; |
1090 device_uri; | 1099 device_uri; |
1091 }; | 1100 }; |
1092 }; | 1101 }; |
1093 default = { "authorization_code" }; | 1102 default = { "authorization_code" }; |
1094 }; | 1103 }; |
1095 application_type = { type = "string"; enum = { "native"; "web" }; default = "web" }; | 1104 application_type = { |
1105 title = "Application Type"; | |
1106 description = "Determines which kinds of redirect URIs the client may register. \z | |
1107 The value 'web' limits the client to https:// URLs with the same hostname as in 'client_uri' \z | |
1108 while the value 'native' allows either loopback http:// URLs or application specific URIs."; | |
1109 type = "string"; | |
1110 enum = { "native"; "web" }; | |
1111 default = "web"; | |
1112 }; | |
1096 response_types = { | 1113 response_types = { |
1114 title = "Response Types"; | |
1097 type = "array"; | 1115 type = "array"; |
1098 minItems = 1; | 1116 minItems = 1; |
1099 uniqueItems = true; | 1117 uniqueItems = true; |
1100 items = { type = "string"; enum = { "code"; "token" } }; | 1118 items = { type = "string"; enum = { "code"; "token" } }; |
1101 default = { "code" }; | 1119 default = { "code" }; |
1102 }; | 1120 }; |
1103 client_name = { type = "string" }; | 1121 client_name = { |
1104 client_uri = { type = "string"; format = "uri"; pattern = "^https:" }; | 1122 title = "Client Name"; |
1105 logo_uri = { type = "string"; format = "uri"; pattern = "^https:" }; | 1123 description = "Human-readable name of the client, presented to the user in the consent dialog."; |
1106 scope = { type = "string" }; | 1124 type = "string"; |
1107 contacts = { type = "array"; minItems = 1; items = { type = "string"; format = "email" } }; | 1125 }; |
1108 tos_uri = { type = "string"; format = "uri"; pattern = "^https:" }; | 1126 client_uri = { |
1109 policy_uri = { type = "string"; format = "uri"; pattern = "^https:" }; | 1127 title = "Client URL"; |
1110 software_id = { type = "string"; format = "uuid" }; | 1128 description = "Should be an link to a page with information about the client."; |
1111 software_version = { type = "string" }; | 1129 type = "string"; |
1130 format = "uri"; | |
1131 pattern = "^https:"; | |
1132 }; | |
1133 logo_uri = { | |
1134 title = "Logo URL"; | |
1135 description = "URL to the clients logotype (not currently used)."; | |
1136 type = "string"; | |
1137 format = "uri"; | |
1138 pattern = "^https:"; | |
1139 }; | |
1140 scope = { | |
1141 title = "Scopes"; | |
1142 description = "Space-separated list of scopes the client promises to restrict itself to."; | |
1143 type = "string"; | |
1144 }; | |
1145 contacts = { | |
1146 title = "Contact Addresses"; | |
1147 description = "Addresses, typically email or URLs where the client developers can be contacted."; | |
1148 type = "array"; | |
1149 minItems = 1; | |
1150 items = { type = "string"; format = "email" }; | |
1151 }; | |
1152 tos_uri = { | |
1153 title = "Terms of Service URL"; | |
1154 description = "Link to Terms of Service for the client, presented to the user in the consent dialog. \z | |
1155 MUST be a https:// URL with hostname matching that of 'client_uri'."; | |
1156 type = "string"; | |
1157 format = "uri"; | |
1158 pattern = "^https:"; | |
1159 }; | |
1160 policy_uri = { | |
1161 title = "Privacy Policy URL"; | |
1162 description = "Link to a Privacy Policy for the client. MUST be a https:// URL with hostname matching that of 'client_uri'."; | |
1163 type = "string"; | |
1164 format = "uri"; | |
1165 pattern = "^https:"; | |
1166 }; | |
1167 software_id = { | |
1168 title = "Software ID"; | |
1169 description = "Unique identifier for the client software, common for all instances. Typically an UUID."; | |
1170 type = "string"; | |
1171 format = "uuid"; | |
1172 }; | |
1173 software_version = { | |
1174 title = "Software Version"; | |
1175 description = "Version of the software creating being registered. \z | |
1176 E.g. to allow revoking all related tokens in the event of a security incident."; | |
1177 type = "string"; | |
1178 example = "2.3.1"; | |
1179 }; | |
1112 }; | 1180 }; |
1113 } | 1181 } |
1114 | 1182 |
1115 -- Limit per-locale fields to allowed locales, partly to keep size of client_id | 1183 -- Limit per-locale fields to allowed locales, partly to keep size of client_id |
1116 -- down, partly because we don't yet use them for anything. | 1184 -- down, partly because we don't yet use them for anything. |
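Review bot: The new `contacts` description (new line 1147) says the addresses are "typically email or URLs", but `items` still declares `format = "email"`, so the published schema documents input that would be rejected wherever that format is enforced; either drop "or URLs" from the text or relax the item format. The `tos_uri` and `policy_uri` descriptions likewise state a MUST on the hostname matching `client_uri`, while the schema itself carries only `pattern = "^https:"`. That check presumably lives in validation code outside this section, and a comment such as `-- hostname match against client_uri is checked outside this schema` next to those entries would keep the documentation and the enforcement from drifting apart. `client_uri` and `logo_uri` carry the same pattern, but their descriptions do not mention the https restriction at all. Since these strings are now public documentation, the wording slips are also worth fixing: "an link", "clients logotype" and "software creating being registered".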