Mercurial > prosody-modules
comparison mod_http_oauth2/mod_http_oauth2.lua @ 5460:c0d62c1b4424
mod_http_oauth2: Add FIXME about loopback redirect URIs
I assume you can't possibly pre-register every port
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Wed, 17 May 2023 00:55:50 +0200 |
| parents | 260a859be86a |
| children | 06640647d193 |
comparison
equal
deleted
inserted
replaced
| 5459:260a859be86a | 5460:c0d62c1b4424 |
|---|---|
| 249 for _, redirect_uri in ipairs(client.redirect_uris) do | 249 for _, redirect_uri in ipairs(client.redirect_uris) do |
| 250 if query_redirect_uri == redirect_uri then | 250 if query_redirect_uri == redirect_uri then |
| 251 return redirect_uri | 251 return redirect_uri |
| 252 end | 252 end |
| 253 end | 253 end |
| 254 -- FIXME The authorization server MUST allow any port to be specified at the | |
| 255 -- time of the request for loopback IP redirect URIs, to accommodate clients | |
| 256 -- that obtain an available ephemeral port from the operating system at the | |
| 257 -- time of the request. | |
| 258 -- https://www.ietf.org/archive/id/draft-ietf-oauth-v2-1-08.html#section-8.4.2 | |
| 254 end | 259 end |
| 255 | 260 |
| 256 local grant_type_handlers = {}; | 261 local grant_type_handlers = {}; |
| 257 local response_type_handlers = {}; | 262 local response_type_handlers = {}; |
| 258 local verifier_transforms = {}; | 263 local verifier_transforms = {}; |