changeset 5192:03aa9baa9ac3

mod_http_oauth2: Add support for 'iss' authz response parameter (RFC 9207)
author Matthew Wild <mwild1@gmail.com>
date Fri, 03 Mar 2023 19:21:38 +0000
parents f5a58cbe86e4
children 2bb29ece216b
files mod_http_oauth2/mod_http_oauth2.lua
diffstat 1 files changed, 3 insertions(+), 1 deletions(-) [+]
line wrap: on
line diff
--- a/mod_http_oauth2/mod_http_oauth2.lua	Fri Mar 03 18:00:28 2023 +0100
+++ b/mod_http_oauth2/mod_http_oauth2.lua	Fri Mar 03 19:21:38 2023 +0000
@@ -137,7 +137,8 @@
 
 	local query = http.formdecode(redirect.query or "");
 	if type(query) ~= "table" then query = {}; end
-	table.insert(query, { name = "code", value = code })
+	table.insert(query, { name = "code", value = code });
+	table.insert(query, { name = "iss", value = module:http_url(nil, "/") });
 	if params.state then
 		table.insert(query, { name = "state", value = params.state });
 	end
@@ -388,6 +389,7 @@
 				registration_endpoint = nil; -- TODO
 				scopes_supported = { "prosody:restricted"; "prosody:user"; "prosody:admin"; "prosody:operator" };
 				response_types_supported = { "code"; "token" };
+				authorization_response_iss_parameter_supported = true;
 			};
 		};
 	};