# HG changeset patch # User Kim Alvefur # Date 1678968253 -3600 # Node ID d9bc8712a74517a2fad51f602a3f936ab64bb19e # Parent 3390bb2f9f6c9bc8bc70481c160bdd85659dd20f mod_auth_oauth_external: Allow setting identity instead of discovery URL Shorter and the .well-known part is, well, well-known. diff -r 3390bb2f9f6c -r d9bc8712a745 mod_auth_oauth_external/README.md --- a/mod_auth_oauth_external/README.md Thu Mar 16 12:45:52 2023 +0100 +++ b/mod_auth_oauth_external/README.md Thu Mar 16 13:04:13 2023 +0100 @@ -20,11 +20,15 @@ # Configuration +`oauth_external_issuer` +: Optional URL string representing the Authorization server identity. + `oauth_external_discovery_url` : Optional URL string pointing to [OAuth 2.0 Authorization Server Metadata](https://oauth.net/2/authorization-server-metadata/). Lets clients discover where they should retrieve access tokens from if - they don't have one yet. + they don't have one yet. Default based on `oauth_external_issuer` is + set, otherwise empty. `oauth_external_validation_endpoint` : URL string. The token validation endpoint, should validate the token diff -r 3390bb2f9f6c -r d9bc8712a745 mod_auth_oauth_external/mod_auth_oauth_external.lua --- a/mod_auth_oauth_external/mod_auth_oauth_external.lua Thu Mar 16 12:45:52 2023 +0100 +++ b/mod_auth_oauth_external/mod_auth_oauth_external.lua Thu Mar 16 13:04:13 2023 +0100 @@ -3,8 +3,9 @@ local json = require "util.json"; local sasl = require "util.sasl"; --- TODO -- local issuer_identity = module:get_option_string("oauth_external_issuer"); -local oidc_discovery_url = module:get_option_string("oauth_external_discovery_url") +local issuer_identity = module:get_option_string("oauth_external_issuer"); +local oidc_discovery_url = module:get_option_string("oauth_external_discovery_url", + issuer_identity and issuer_identity .. "/.well-known/oauth-authorization-server" or nil); local validation_endpoint = module:get_option_string("oauth_external_validation_endpoint"); local token_endpoint = module:get_option_string("oauth_external_token_endpoint");