# HG changeset patch
# User Kim Alvefur
# Date 1682438948 -7200
# Node ID db4c66a1d24b9987aa538ff34ac7b46e09d83abd
# Parent 698fef74ce538c3027771333f95e684eba28097b
mod_http_oauth2: Fill in some client metadata defaults Explicit > Implicit Maybe we should actually use these for something as well? :) It's is somewhat an open question of how strictly we should enforce things in the client metadata given that it is somewhat extensible. Especially some of these enum fields which have corresponding IANA registries.
diff -r 698fef74ce53 -r db4c66a1d24b mod_http_oauth2/mod_http_oauth2.lua
--- a/mod_http_oauth2/mod_http_oauth2.lua Tue Apr 25 17:38:36 2023 +0200
+++ b/mod_http_oauth2/mod_http_oauth2.lua Tue Apr 25 18:09:08 2023 +0200
@@ -640,7 +640,7 @@
 };
 properties = {
 redirect_uris = { type = "array"; minLength = 1; items = { type = "string"; format = "uri" } };
- token_endpoint_auth_method = { type = "string"; enum = { "none"; "client_secret_post"; "client_secret_basic" } };
+ token_endpoint_auth_method = { type = "string"; enum = { "none"; "client_secret_post"; "client_secret_basic"; default = "client_secret_basic" } };
 grant_types = {
 type = "array";
 items = {
@@ -655,8 +655,9 @@
 "urn:ietf:params:oauth:grant-type:saml2-bearer";
 };
 };
+ default = { "authorization_code" };
 };
- response_types = { type = "array"; items = { type = "string"; enum = { "code"; "token" } } };
+ response_types = { type = "array"; items = { type = "string"; enum = { "code"; "token" } }; default = { "code" } };
 client_name = { type = "string" };
 client_uri = { type = "string"; format = "uri"; luaPattern = "^https:" };
 logo_uri = { type = "string"; format = "uri"; luaPattern = "^https:" };
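Review bot: On the token_endpoint_auth_method line the new `default = "client_secret_basic"` is placed inside the `enum` table rather than in the property spec, so `propspec.default` stays nil for this property and the fill-in loop added later in this commit never applies it; the response_types line in the next hunk has its default at the correct level. The line should read `token_endpoint_auth_method = { type = "string"; enum = { "none"; "client_secret_post"; "client_secret_basic" }; default = "client_secret_basic" };`. Whether the stray string-keyed entry inside `enum` also confuses the schema validator depends on how it iterates enum values, which is outside this hunk. The enclosing registration_schema table starts and ends outside the hunk.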
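Review bot: The grant_types and response_types defaults are filled in independently, so a registration that sends `response_types = { "token" }` and omits grant_types ends up with `grant_types = { "authorization_code" }`, a combination RFC 7591 section 2 lists as inconsistent (the token response type pairs with the implicit grant, assuming that grant is among the allowed enum values cut off above this hunk); nothing in this commit cross-checks the two, which the commit message itself acknowledges. Until such a check exists, a comment naming where the values come from would help the next reader, e.g. `-- Defaults per RFC 7591 section 2` above the default entries. The registration_schema table continues outside the hunk.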
@@ -681,6 +682,13 @@
 return nil, oauth_error("invalid_request", "Failed schema validation.");
 end
 
+ -- Fill in default values
+ for propname, propspec in pairs(registration_schema.properties) do
+ if client_metadata[propname] == nil and type(propspec) == "table" and propspec.default ~= nil then
+ client_metadata[propname] = propspec.default;
+ end
+ end
+
 local client_uri = url.parse(client_metadata.client_uri);
 if not client_uri or client_uri.scheme ~= "https" then
 return nil, oauth_error("invalid_request", "Missing, invalid or insecure client_uri");
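Review bot: `client_metadata[propname] = propspec.default;` stores the schema's own default table by reference when the default is an array (grant_types, response_types), so every client that omitted the field shares one table with registration_schema, and any later in-place edit of that client's metadata (not visible in this hunk) would silently change the default for all subsequent registrations. Copying table-valued defaults before assigning removes the aliasing; the enclosing function starts and ends outside the hunk. The defaults are also applied after schema validation, which is reasonable since they are server-controlled values, but stating that in the comment makes the ordering visibly intentional: `-- Fill in default values (after validation: these come from the schema, not the client)`.
```lua
-- Fill in default values (after validation: these come from the schema, not the client)
for propname, propspec in pairs(registration_schema.properties) do
	if client_metadata[propname] == nil and type(propspec) == "table" and propspec.default ~= nil then
		local default = propspec.default;
		if type(default) == "table" then
			-- shallow copy so the schema's default table is never aliased into client metadata
			local copy = {};
			for k, v in pairs(default) do copy[k] = v; end
			default = copy;
		end
		client_metadata[propname] = default;
	end
end
```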