# HG changeset patch
# User Kim Alvefur <zash@zash.se>
# Date 1682767410 -7200
# Node ID 544b92750a2a06bfc773f6adebc51466d0087b20
# Parent  b40f29ec391a7bbda4abc1d19003e29ce99dfe31
mod_http_oauth2: Advertise supported token endpoint auth methods

diff -r b40f29ec391a -r 544b92750a2a mod_http_oauth2/mod_http_oauth2.lua
--- a/mod_http_oauth2/mod_http_oauth2.lua	Sat Apr 29 13:09:49 2023 +0200
+++ b/mod_http_oauth2/mod_http_oauth2.lua	Sat Apr 29 13:23:30 2023 +0200
@@ -582,6 +582,7 @@
 	end
 
 	if credentials and credentials.type == "basic" then
+		-- client_secret_basic converted internally to client_secret_post
 		params.client_id = http.urldecode(credentials.username);
 		params.client_secret = http.urldecode(credentials.password);
 	end
@@ -946,6 +947,7 @@
 				registration_endpoint = handle_register_request and module:http_url() .. "/register" or nil;
 				scopes_supported = usermanager.get_all_roles and array(it.keys(usermanager.get_all_roles(module.host))):append(array(openid_claims:items()));
 				response_types_supported = array(it.keys(response_type_handlers));
+				token_endpoint_auth_methods_supported = array({ "client_secret_post"; "client_secret_basic" });
 				code_challenge_methods_supported = array(it.keys(verifier_transforms));
 				authorization_response_iss_parameter_supported = true;