# HG changeset patch # User Kim Alvefur # Date 1682157721 -7200 # Node ID 41a418ebc60b5dd133baf82501aa7903fa177493 # Parent 39d59d857bfb5bdb85eca2e95e7895106468d5ac mod_http_oauth2: Enforce https requirement on TOS URI In create_client() it validates that all fields with format=uri are https and match the client_uri host. diff -r 39d59d857bfb -r 41a418ebc60b mod_http_oauth2/mod_http_oauth2.lua --- a/mod_http_oauth2/mod_http_oauth2.lua Sat Apr 22 11:59:52 2023 +0200 +++ b/mod_http_oauth2/mod_http_oauth2.lua Sat Apr 22 12:02:01 2023 +0200 @@ -662,7 +662,7 @@ logo_uri = { type = "string"; format = "uri" }; scope = { type = "string" }; contacts = { type = "array"; items = { type = "string" } }; - tos_uri = { type = "string" }; + tos_uri = { type = "string"; format = "uri" }; policy_uri = { type = "string"; format = "uri" }; jwks_uri = { type = "string"; format = "uri" }; jwks = { type = "object"; description = "JSON Web Key Set, RFC 7517" };