Mercurial > prosody-modules
changeset 5221:22483cfce3ce
mod_http_oauth2: Reflect ALL attributes of the client registration
Per RFC 7591:
"
Additionally, the authorization server MUST return all registered
metadata about this client, including any fields provisioned by the
authorization server itself.
"
The idea is that the server may replace/drop fields in the registration, so
what gets reflected back to the client is the source of truth about the
registration.
author | Matthew Wild <mwild1@gmail.com> |
---|---|
date | Tue, 07 Mar 2023 14:52:43 +0000 |
parents | d03448560acf |
children | 578a72982bb2 |
files | mod_http_oauth2/mod_http_oauth2.lua |
diffstat | 1 files changed, 7 insertions(+), 8 deletions(-) [+] |
line wrap: on
line diff
--- a/mod_http_oauth2/mod_http_oauth2.lua Tue Mar 07 14:59:45 2023 +0100 +++ b/mod_http_oauth2/mod_http_oauth2.lua Tue Mar 07 14:52:43 2023 +0000 @@ -564,20 +564,19 @@ local client_id = jwt_sign(client_metadata); local client_secret = make_secret(client_id); - local client_desc = { - client_id = client_id; - client_secret = client_secret; - client_id_issued_at = os.time(); - client_secret_expires_at = 0; - } + client_metadata.client_id = client_id; + client_metadata.client_secret = client_secret; + client_metadata.client_id_issued_at = os.time(); + client_metadata.client_secret_expires_at = 0; + if not registration_options.accept_expired then - client_desc.client_secret_expires_at = client_desc.client_id_issued_at + (registration_options.default_ttl or 3600); + client_metadata.client_secret_expires_at = client_metadata.client_id_issued_at + (registration_options.default_ttl or 3600); end return { status_code = 201; headers = { content_type = "application/json" }; - body = json.encode(client_desc); + body = json.encode(client_metadata); }; end