diff mod_http_oauth2/mod_http_oauth2.lua @ 5263:381c62ef52aa

mod_http_oauth2: Group metadata section into OAuth and OpenID Could easily be confusing otherwise if you're reading one spec and see properties not defined there.
author Kim Alvefur <zash@zash.se>
date Tue, 21 Mar 2023 21:45:02 +0100
parents e73f364b5624
children d3ebaef1ea7a
line wrap: on
line diff
--- a/mod_http_oauth2/mod_http_oauth2.lua	Tue Mar 21 21:36:54 2023 +0100
+++ b/mod_http_oauth2/mod_http_oauth2.lua	Tue Mar 21 21:45:02 2023 +0100
@@ -792,16 +792,19 @@
 		["GET"] = {
 			headers = { content_type = "application/json" };
 			body = json.encode {
+				-- RFC 8414: OAuth 2.0 Authorization Server Metadata
 				issuer = get_issuer();
 				authorization_endpoint = handle_authorization_request and module:http_url() .. "/authorize" or nil;
 				token_endpoint = handle_token_grant and module:http_url() .. "/token" or nil;
 				jwks_uri = nil; -- TODO?
-				userinfo_endpoint = handle_register_request and module:http_url() .. "/userinfo" or nil;
 				registration_endpoint = handle_register_request and module:http_url() .. "/register" or nil;
 				scopes_supported = usermanager.get_all_roles and array(it.keys(usermanager.get_all_roles(module.host))):push("openid")
 					or { "prosody:restricted"; "prosody:user"; "prosody:admin"; "prosody:operator"; "openid" };
 				response_types_supported = array(it.keys(response_type_handlers));
 				authorization_response_iss_parameter_supported = true;
+
+				-- OpenID
+				userinfo_endpoint = handle_register_request and module:http_url() .. "/userinfo" or nil;
 			};
 		};
 	};