prosody-modules: mod_http_oauth2/README.markdown comparison

mod_http_oauth2: Document client registration requirements Because they go a bit further than the basics in the RFC

comparison

equal deleted inserted replaced

-:b6af4d1ff8c1
+:cae3bb3dd45f
 oauth2_registration_key = "securely generated JWT key here"
 oauth2_registration_algorithm = "HS256"
 oauth2_registration_ttl = nil -- unlimited by default
 ```
+Registering a client is described in
+[RFC7591](https://www.rfc-editor.org/rfc/rfc7591.html).
+In addition to the requirements in the RFC, the following requirements
+are enforced:
+-   `client_name` and `client_uri` **MUST** be present.
+-   `client_uri` **MUST** be a `https://` URL.
+-   `redirect_uris` **MUST** contain at least one valid URI.
+-   If `application_type` equals `web` (or is not included) then all
+`redirect_uris` **MUST** be `https://` URIs and **MUST** use the
+same hostname part as the `client_uri`.
+-   If `application_type` equals `native` then all `redirect_uris`
+**MUST** match one of:
+-   Loopback `http://` URI, e.g. `https://127.0.0.1:8080/`
+-   Application-specific scheme, e.g. `com.example.app:/`
+-   The special OOB URI `urn:ietf:wg:oauth:2.0:oob`
+-   Informative URIs such as policy and terms of service **MUST** use
+the same scheme (i.e. `https://`) and hostname as the `client_uri`.
 ### Supported flows
 Various flows can be disabled and enabled with
 `allowed_oauth2_grant_types` and `allowed_oauth2_response_types`:

Mercurial > prosody-modules