# HG changeset patch # User Kim Alvefur # Date 1682615774 -7200 # Node ID 6155c46d9eead2b74766e1af92e547b23f6bf951 # Parent ca477408f90bf8e23bfa874efd5d0952f7895003 mod_http_oauth2: Record OAuth software id and version attached to tokens Unsure if these are used anywhere, but `software_id` is supposedly more unique than `client_uri` which can vary by registration or something? Software versions can also be good to know e.g. in case there is a security issue affecting certain versions that could warrant revocation of tokens issued to it. diff -r ca477408f90b -r 6155c46d9eea mod_http_oauth2/mod_http_oauth2.lua --- a/mod_http_oauth2/mod_http_oauth2.lua Thu Apr 27 19:14:23 2023 +0200 +++ b/mod_http_oauth2/mod_http_oauth2.lua Thu Apr 27 19:16:14 2023 +0200 @@ -153,7 +153,7 @@ -- properties that are deemed useful e.g. in case tokens issued to a certain -- client needs to be revoked local function client_subset(client) - return { name = client.client_name; uri = client.client_uri }; + return { name = client.client_name; uri = client.client_uri; id = client.software_id; version = client.software_version }; end local function new_access_token(token_jid, role, scope_string, client, id_token, refresh_token_info)