diff mod_http_oauth2/mod_http_oauth2.lua @ 5278:d94dba396f9f

mod_http_oauth2: Declare additional client registration fields as strings Previously any property not listed in the schema was allowed in any form, which is probably a bit too liberal. Instead, limit extra fields to simple strings, which should still allow localized versions of the various URIs and descriptive properties per RFC 7591 ยง2.2
author Kim Alvefur <zash@zash.se>
date Sun, 26 Mar 2023 14:44:30 +0200
parents a1055024b94e
children 2b858cccac8f
line wrap: on
line diff
--- a/mod_http_oauth2/mod_http_oauth2.lua	Sun Mar 26 14:39:34 2023 +0200
+++ b/mod_http_oauth2/mod_http_oauth2.lua	Sun Mar 26 14:44:30 2023 +0200
@@ -620,6 +620,8 @@
 		software_id = { type = "string"; format = "uuid" };
 		software_version = { type = "string" };
 	};
+	-- Localized versions of descriptive properties and URIs
+	additionalProperties = { type = "string" };
 }
 
 function create_client(client_metadata)