Mercurial > prosody-modules
comparison mod_http_oauth2/mod_http_oauth2.lua @ 5366:db4c66a1d24b
mod_http_oauth2: Fill in some client metadata defaults
Explicit > Implicit
Maybe we should actually use these for something as well? :)
It's is somewhat an open question of how strictly we should enforce
things in the client metadata given that it is somewhat extensible.
Especially some of these enum fields which have corresponding IANA
registries.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Tue, 25 Apr 2023 18:09:08 +0200 |
| parents | 698fef74ce53 |
| children | 93d445b26063 |
comparison
equal
deleted
inserted
replaced
| 5365:698fef74ce53 | 5366:db4c66a1d24b |
|---|---|
| 638 -- We need at least one redirect URI for things to work | 638 -- We need at least one redirect URI for things to work |
| 639 "redirect_uris"; | 639 "redirect_uris"; |
| 640 }; | 640 }; |
| 641 properties = { | 641 properties = { |
| 642 redirect_uris = { type = "array"; minLength = 1; items = { type = "string"; format = "uri" } }; | 642 redirect_uris = { type = "array"; minLength = 1; items = { type = "string"; format = "uri" } }; |
| 643 token_endpoint_auth_method = { type = "string"; enum = { "none"; "client_secret_post"; "client_secret_basic" } }; | 643 token_endpoint_auth_method = { type = "string"; enum = { "none"; "client_secret_post"; "client_secret_basic"; default = "client_secret_basic" } }; |
| 644 grant_types = { | 644 grant_types = { |
| 645 type = "array"; | 645 type = "array"; |
| 646 items = { | 646 items = { |
| 647 type = "string"; | 647 type = "string"; |
| 648 enum = { | 648 enum = { |
| 653 "refresh_token"; | 653 "refresh_token"; |
| 654 "urn:ietf:params:oauth:grant-type:jwt-bearer"; | 654 "urn:ietf:params:oauth:grant-type:jwt-bearer"; |
| 655 "urn:ietf:params:oauth:grant-type:saml2-bearer"; | 655 "urn:ietf:params:oauth:grant-type:saml2-bearer"; |
| 656 }; | 656 }; |
| 657 }; | 657 }; |
| 658 }; | 658 default = { "authorization_code" }; |
| 659 response_types = { type = "array"; items = { type = "string"; enum = { "code"; "token" } } }; | 659 }; |
| 660 response_types = { type = "array"; items = { type = "string"; enum = { "code"; "token" } }; default = { "code" } }; | |
| 660 client_name = { type = "string" }; | 661 client_name = { type = "string" }; |
| 661 client_uri = { type = "string"; format = "uri"; luaPattern = "^https:" }; | 662 client_uri = { type = "string"; format = "uri"; luaPattern = "^https:" }; |
| 662 logo_uri = { type = "string"; format = "uri"; luaPattern = "^https:" }; | 663 logo_uri = { type = "string"; format = "uri"; luaPattern = "^https:" }; |
| 663 scope = { type = "string" }; | 664 scope = { type = "string" }; |
| 664 contacts = { type = "array"; items = { type = "string" } }; | 665 contacts = { type = "array"; items = { type = "string" } }; |
| 677 } | 678 } |
| 678 | 679 |
| 679 function create_client(client_metadata) | 680 function create_client(client_metadata) |
| 680 if not schema.validate(registration_schema, client_metadata) then | 681 if not schema.validate(registration_schema, client_metadata) then |
| 681 return nil, oauth_error("invalid_request", "Failed schema validation."); | 682 return nil, oauth_error("invalid_request", "Failed schema validation."); |
| 683 end | |
| 684 | |
| 685 -- Fill in default values | |
| 686 for propname, propspec in pairs(registration_schema.properties) do | |
| 687 if client_metadata[propname] == nil and type(propspec) == "table" and propspec.default ~= nil then | |
| 688 client_metadata[propname] = propspec.default; | |
| 689 end | |
| 682 end | 690 end |
| 683 | 691 |
| 684 local client_uri = url.parse(client_metadata.client_uri); | 692 local client_uri = url.parse(client_metadata.client_uri); |
| 685 if not client_uri or client_uri.scheme ~= "https" then | 693 if not client_uri or client_uri.scheme ~= "https" then |
| 686 return nil, oauth_error("invalid_request", "Missing, invalid or insecure client_uri"); | 694 return nil, oauth_error("invalid_request", "Missing, invalid or insecure client_uri"); |