Mercurial > prosody-modules
comparison mod_http_oauth2/mod_http_oauth2.lua @ 5633:dd2079b3dec6
mod_http_oauth2: Allow omitting application type for native apps
This derives "application_type":"native" from the first redirect URI
when registering a client, so that it can be omitted without the default
value of "web" causing the very same redirect URIs to be rejected.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Wed, 16 Aug 2023 23:56:40 +0200 |
| parents | ef0a283507c9 |
| children | 7c105277a9ca |
comparison
equal
deleted
inserted
replaced
| 5632:1571c280aaef | 5633:dd2079b3dec6 |
|---|---|
| 1234 function create_client(client_metadata) | 1234 function create_client(client_metadata) |
| 1235 if not schema.validate(registration_schema, client_metadata) then | 1235 if not schema.validate(registration_schema, client_metadata) then |
| 1236 return nil, oauth_error("invalid_request", "Failed schema validation."); | 1236 return nil, oauth_error("invalid_request", "Failed schema validation."); |
| 1237 end | 1237 end |
| 1238 | 1238 |
| 1239 local client_uri = url.parse(client_metadata.client_uri); | |
| 1240 if not client_uri or client_uri.scheme ~= "https" or loopbacks:contains(client_uri.host) then | |
| 1241 return nil, oauth_error("invalid_client_metadata", "Missing, invalid or insecure client_uri"); | |
| 1242 end | |
| 1243 | |
| 1244 if not client_metadata.application_type and redirect_uri_allowed(client_metadata.redirect_uris[1], client_uri, "native") then | |
| 1245 client_metadata.application_type = "native"; | |
| 1246 -- else defaults to "web" | |
| 1247 end | |
| 1248 | |
| 1239 -- Fill in default values | 1249 -- Fill in default values |
| 1240 for propname, propspec in pairs(registration_schema.properties) do | 1250 for propname, propspec in pairs(registration_schema.properties) do |
| 1241 if client_metadata[propname] == nil and type(propspec) == "table" and propspec.default ~= nil then | 1251 if client_metadata[propname] == nil and type(propspec) == "table" and propspec.default ~= nil then |
| 1242 client_metadata[propname] = propspec.default; | 1252 client_metadata[propname] = propspec.default; |
| 1243 end | 1253 end |
| 1246 -- MUST ignore any metadata that it does not understand | 1256 -- MUST ignore any metadata that it does not understand |
| 1247 for propname in pairs(client_metadata) do | 1257 for propname in pairs(client_metadata) do |
| 1248 if not registration_schema.properties[propname] then | 1258 if not registration_schema.properties[propname] then |
| 1249 client_metadata[propname] = nil; | 1259 client_metadata[propname] = nil; |
| 1250 end | 1260 end |
| 1251 end | |
| 1252 | |
| 1253 local client_uri = url.parse(client_metadata.client_uri); | |
| 1254 if not client_uri or client_uri.scheme ~= "https" or loopbacks:contains(client_uri.host) then | |
| 1255 return nil, oauth_error("invalid_client_metadata", "Missing, invalid or insecure client_uri"); | |
| 1256 end | 1261 end |
| 1257 | 1262 |
| 1258 for _, redirect_uri in ipairs(client_metadata.redirect_uris) do | 1263 for _, redirect_uri in ipairs(client_metadata.redirect_uris) do |
| 1259 if not redirect_uri_allowed(redirect_uri, client_uri, client_metadata.application_type) then | 1264 if not redirect_uri_allowed(redirect_uri, client_uri, client_metadata.application_type) then |
| 1260 return nil, oauth_error("invalid_redirect_uri", "Invalid, insecure or inappropriate redirect URI."); | 1265 return nil, oauth_error("invalid_redirect_uri", "Invalid, insecure or inappropriate redirect URI."); |