comparison mod_http_oauth2/mod_http_oauth2.lua @ 5766:b8a2b3ebe792

mod_http_oauth2: Return validation output added in trunk rev 72d7830505f0 It's not fun at all to try to register a client and only get back "failed schema validation", this should help with that.
author Kim Alvefur <zash@zash.se>
date Sun, 03 Dec 2023 23:44:18 +0100
parents 87920d436cb4
children a967bb4972c5
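--- a/mod_http_oauth2/mod_http_oauth2.lua
+++ b/mod_http_oauth2/mod_http_oauth2.lua
@@ -1342,12 +1342,28 @@
 return uri.scheme == "https" and uri.host == client_uri.host;
 end
 end
 
 function create_client(client_metadata)
-if not schema.validate(registration_schema, client_metadata) then
-return nil, oauth_error("invalid_request", "Failed schema validation.");
+local valid, validation_errors = schema.validate(registration_schema, client_metadata);
+if not valid then
+return nil, errors.new({
+type = "modify";
+condition = "bad-request";
+code = 400;
+text = "Failed schema validation.";
+extra = {
+oauth2_response = {
+error = "invalid_request";
+error_description = "Client registration data failed schema validation."; -- TODO Generate from validation_errors?
+-- JSON Schema Output Format
+-- https://json-schema.org/draft/2020-12/draft-bhutton-json-schema-01#name-basic
+valid = false;
+errors = validation_errors;
+};
+};
+});
 end
 
 local client_uri = url.parse(client_metadata.client_uri);
 if not client_uri or client_uri.scheme ~= "https" or loopbacks:contains(client_uri.host) then
 return nil, oauth_error("invalid_client_metadata", "Missing, invalid or insecure client_uri");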
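Review bot: `errors = validation_errors` (new line 1361) passes the validator's output verbatim to whoever submitted the registration request, and nothing in this hunk bounds or filters it. What `schema.validate` puts in that value is defined outside this page, so it is worth confirming that it carries only schema/instance locations and messages rather than echoed field values, and that its size stays bounded for large or deeply nested metadata. The hunk also swaps `oauth_error(...)` for a hand-built `errors.new({...})` while the `client_uri` check just below still uses `oauth_error`; if the reason is that the helper cannot carry extra response fields, a short comment would help, e.g. `-- built by hand so the response can carry valid/errors; validation_errors is nil before trunk rev 72d7830505f0`. `create_client` continues past the end of the hunk.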