# HG changeset patch
# User Kim Alvefur
# Date 1683039662 -7200
# Node ID 3989c57cc5512d0545d3ddc986faf270baec1db2
# Parent 149634647b482ad363fba62fdbb14c0949560182
mod_http_oauth2: Allow configuring links to policy and terms in metadata

These are for the Authorization Server, here the same as the XMPP server.

diff -r 149634647b48 -r 3989c57cc551 mod_http_oauth2/README.markdown
--- a/mod_http_oauth2/README.markdown Tue May 02 16:39:32 2023 +0200
+++ b/mod_http_oauth2/README.markdown Tue May 02 17:01:02 2023 +0200
@@ -138,6 +138,16 @@
 }
 ```
 
+### Policy documents
+
+Links to Terms of Service and Service Policy documents can be advertised
+for use by OAuth clients:
+
+```lua
+oauth2_terms_url = "https://example.com/terms-of-service.html"
+oauth2_policy_url = "https://example.com/service-policy.pdf"
+```
+
 ## Deployment notes
 
 ### Access management
diff -r 149634647b48 -r 3989c57cc551 mod_http_oauth2/mod_http_oauth2.lua
--- a/mod_http_oauth2/mod_http_oauth2.lua Tue May 02 16:39:32 2023 +0200
+++ b/mod_http_oauth2/mod_http_oauth2.lua Tue May 02 17:01:02 2023 +0200
@@ -980,6 +980,8 @@
 scopes_supported = usermanager.get_all_roles and array(it.keys(usermanager.get_all_roles(module.host))):append(array(openid_claims:items()));
 response_types_supported = array(it.keys(response_type_handlers));
 token_endpoint_auth_methods_supported = array({ "client_secret_post"; "client_secret_basic" });
+ op_policy_uri = module:get_option_string("oauth2_policy_url", nil);
+ op_tos_uri = module:get_option_string("oauth2_terms_url", nil);
 revocation_endpoint = handle_revocation_request and module:http_url() .. "/revoke" or nil;
 revocation_endpoint_auth_methods_supported = array({ "client_secret_basic" });
 code_challenge_methods_supported = array(it.keys(verifier_transforms));
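Review bot: The added `op_policy_uri` and `op_tos_uri` fields publish whatever string is configured in `oauth2_policy_url` / `oauth2_terms_url`, with no check that it is an absolute `https://` URL. These links are advertised for OAuth clients, which may present them to users as the server's official policy documents, so a typo, a relative path or a plain `http://` link would be handed out verbatim. Consider reading each option into a local before the table and warning on anything unexpected, e.g. `if policy_url and not policy_url:match("^https://") then module:log("warn", "oauth2_policy_url should be an absolute https:// URL") end`, with the same check for `oauth2_terms_url`. The metadata table these fields belong to starts and ends outside the hunk, so where the locals should go is not visible here.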