Mercurial > prosody-modules
diff mod_http_oauth2/mod_http_oauth2.lua @ 5474:d0b93105b289
mod_http_oauth2: Don't return redirects or HTML from token endpoint
These are used by the client, not the user, so makes more sense to
return JSON directly instead of a redirect or HTML error page when .
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Thu, 18 May 2023 13:41:23 +0200 |
parents | e4382f6e3564 |
children | 022733437fef |
line wrap: on
line diff
--- a/mod_http_oauth2/mod_http_oauth2.lua Thu May 18 13:27:27 2023 +0200 +++ b/mod_http_oauth2/mod_http_oauth2.lua Thu May 18 13:41:23 2023 +0200 @@ -664,7 +664,7 @@ event.response.headers.content_type = "application/json"; local params = http.formdecode(event.request.body); if not params then - return error_response(event.request, oauth_error("invalid_request")); + return oauth_error("invalid_request"); end if credentials and credentials.type == "basic" then @@ -676,7 +676,7 @@ local grant_type = params.grant_type local grant_handler = grant_type_handlers[grant_type]; if not grant_handler then - return error_response(event.request, oauth_error("unsupported_grant_type")); + return oauth_error("invalid_request"); end return grant_handler(params); end