# HG changeset patch
# User Matthew Wild <mwild1@gmail.com>
# Date 1677871298 0
# Node ID 03aa9baa9ac3056acf023ed92e27ad9c36c38538
# Parent  f5a58cbe86e48c6c0f1ea19bc6e3dea7147cb881
mod_http_oauth2: Add support for 'iss' authz response parameter (RFC 9207)

diff -r f5a58cbe86e4 -r 03aa9baa9ac3 mod_http_oauth2/mod_http_oauth2.lua
--- a/mod_http_oauth2/mod_http_oauth2.lua	Fri Mar 03 18:00:28 2023 +0100
+++ b/mod_http_oauth2/mod_http_oauth2.lua	Fri Mar 03 19:21:38 2023 +0000
@@ -137,7 +137,8 @@
 
 	local query = http.formdecode(redirect.query or "");
 	if type(query) ~= "table" then query = {}; end
-	table.insert(query, { name = "code", value = code })
+	table.insert(query, { name = "code", value = code });
+	table.insert(query, { name = "iss", value = module:http_url(nil, "/") });
 	if params.state then
 		table.insert(query, { name = "state", value = params.state });
 	end
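Review bot: The `iss` value on the added line is computed inline as `module:http_url(nil, "/")`, while RFC 9207 clients compare it to the metadata `issuer` by exact string comparison, so any difference (a trailing slash, a different base URL) makes a conforming client reject the response. The `issuer` field is not visible in this diff, so this needs confirming; one shared helper such as `local function get_issuer() return module:http_url(nil, "/"); end`, used for both the metadata and this parameter, would keep the two from drifting apart. Separately, `query` is seeded from the redirect URI's own query string, so a registered redirect URI that already carries an `iss` or `code` parameter would end up with duplicates; whether that can happen depends on validation outside this hunk. The enclosing function starts and ends outside the hunk.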
@@ -388,6 +389,7 @@
 				registration_endpoint = nil; -- TODO
 				scopes_supported = { "prosody:restricted"; "prosody:user"; "prosody:admin"; "prosody:operator" };
 				response_types_supported = { "code"; "token" };
+				authorization_response_iss_parameter_supported = true;
 			};
 		};
 	};
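Review bot: `authorization_response_iss_parameter_supported = true` is advertised next to `response_types_supported = { "code"; "token" }`, but the only response this commit visibly adds `iss` to is the code redirect. RFC 9207 expects the parameter in every authorization response, including error responses, once support is advertised, so a client that enforces it would reject an implicit (`token`) or error redirect that lacks `iss`. If those paths (outside this diff) do not add it, either add it there in the same change or hold the flag back until they do. A comment above the flag such as `-- RFC 9207: every authorization response, including errors, must carry iss` would record the obligation for later edits.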