prosody-modules: mod_http_oauth2/mod_http

comparison mod_http_oauth2/mod_http_oauth2.lua @ 5474:d0b93105b289

mod_http_oauth2: Don't return redirects or HTML from token endpoint These are used by the client, not the user, so makes more sense to return JSON directly instead of a redirect or HTML error page when .

author	Kim Alvefur <zash@zash.se>
date	Thu, 18 May 2023 13:41:23 +0200
parents	e4382f6e3564
children	022733437fef

comparison

equal deleted inserted replaced

-:e4382f6e3564
+:d0b93105b289
 	local credentials = get_request_credentials(event.request);
 	event.response.headers.content_type = "application/json";
 	local params = http.formdecode(event.request.body);
 	if not params then
-		return error_response(event.request, oauth_error("invalid_request"));
+		return oauth_error("invalid_request");
 	end
 	if credentials and credentials.type == "basic" then
 		-- client_secret_basic converted internally to client_secret_post
 		params.client_id = http.urldecode(credentials.username);
 	end
 	local grant_type = params.grant_type
 	local grant_handler = grant_type_handlers[grant_type];
 	if not grant_handler then
-		return error_response(event.request, oauth_error("unsupported_grant_type"));
+		return oauth_error("invalid_request");
 	end
 	return grant_handler(params);
 end
 local function handle_authorization_request(event)

Mercurial > prosody-modules

comparison mod_http_oauth2/mod_http_oauth2.lua @ 5474:d0b93105b289