diff mod_http_oauth2/mod_http_oauth2.lua @ 4259:721b528c01e1

mod_http_oauth2: Remove unnecessary redirect uri check
author Kim Alvefur <zash@zash.se>
date Sat, 21 Nov 2020 23:03:47 +0100
parents cc712899becd
children c539334dd01a
--- a/mod_http_oauth2/mod_http_oauth2.lua	Sat Nov 21 16:36:44 2020 +0100
+++ b/mod_http_oauth2/mod_http_oauth2.lua	Sat Nov 21 23:03:47 2020 +0100
@@ -91,7 +91,6 @@
 	if not params.client_id then return oauth_error("invalid_request", "missing 'client_id'"); end
 	if not params.client_secret then return oauth_error("invalid_request", "missing 'client_secret'"); end
 	if not params.code then return oauth_error("invalid_request", "missing 'code'"); end
-	--if not params.redirect_uri then return oauth_error("invalid_request", "missing 'redirect_uri'"); end
 	if params.scope and params.scope ~= "" then
 		return oauth_error("invalid_scope", "unknown scope requested");
 	end
@@ -108,9 +107,6 @@
 	end
 	assert(codes:set(params.client_id, params.code, nil));
 
-	if client.redirect_uri and client.redirect_uri ~= params.redirect_uri then
-		return oauth_error("invalid_client", "incorrect 'redirect_uri'");
-	end
 
 	return json.encode(new_access_token(code.granted_jid, nil, nil));
 end
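Review bot: After this removal nothing visible in the token handler compares `params.redirect_uri` with anything, so the parameter checks left in these hunks cover only `client_id`, `client_secret`, `code` and `scope`. RFC 6749 section 4.1.3 expects the token endpoint to require a matching `redirect_uri` whenever one was sent in the authorization request, since that is what binds a code to the redirect it was delivered through. Whether that applies here depends on the authorization endpoint, which is outside this hunk; if it never accepts a `redirect_uri` from the request, the check is redundant and a comment in its place, such as `-- redirect_uri not compared: the authorization step only redirects to the registered URI`, would record why. The removal also leaves two consecutive blank lines before the `return`. The function begins above the hunk.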