comparison mod_http_oauth2/mod_http_oauth2.lua @ 5278:d94dba396f9f

mod_http_oauth2: Declare additional client registration fields as strings Previously any property not listed in the schema was allowed in any form, which is probably a bit too liberal. Instead, limit extra fields to simple strings, which should still allow localized versions of the various URIs and descriptive properties per RFC 7591 ยง2.2
author Kim Alvefur <zash@zash.se>
date Sun, 26 Mar 2023 14:44:30 +0200
parents a1055024b94e
children 2b858cccac8f
comparison
equal deleted inserted replaced
5277:a1055024b94e 5278:d94dba396f9f
618 jwks_uri = { type = "string"; format = "uri" }; 618 jwks_uri = { type = "string"; format = "uri" };
619 jwks = { type = "object"; description = "JSON Web Key Set, RFC 7517" }; 619 jwks = { type = "object"; description = "JSON Web Key Set, RFC 7517" };
620 software_id = { type = "string"; format = "uuid" }; 620 software_id = { type = "string"; format = "uuid" };
621 software_version = { type = "string" }; 621 software_version = { type = "string" };
622 }; 622 };
623 -- Localized versions of descriptive properties and URIs
624 additionalProperties = { type = "string" };
623 } 625 }
624 626
625 function create_client(client_metadata) 627 function create_client(client_metadata)
626 if not schema.validate(registration_schema, client_metadata) then 628 if not schema.validate(registration_schema, client_metadata) then
627 return nil, oauth_error("invalid_request", "Failed schema validation."); 629 return nil, oauth_error("invalid_request", "Failed schema validation.");