changeset 5385:544b92750a2a

mod_http_oauth2: Advertise supported token endpoint auth methods
author Kim Alvefur <zash@zash.se>
date Sat, 29 Apr 2023 13:23:30 +0200 (19 months ago)
parents b40f29ec391a
children 6f13200c9fc1
files mod_http_oauth2/mod_http_oauth2.lua
diffstat 1 files changed, 2 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- a/mod_http_oauth2/mod_http_oauth2.lua	Sat Apr 29 13:09:49 2023 +0200
+++ b/mod_http_oauth2/mod_http_oauth2.lua	Sat Apr 29 13:23:30 2023 +0200
@@ -582,6 +582,7 @@
 	end
 
 	if credentials and credentials.type == "basic" then
+		-- client_secret_basic converted internally to client_secret_post
 		params.client_id = http.urldecode(credentials.username);
 		params.client_secret = http.urldecode(credentials.password);
 	end
@@ -946,6 +947,7 @@
 				registration_endpoint = handle_register_request and module:http_url() .. "/register" or nil;
 				scopes_supported = usermanager.get_all_roles and array(it.keys(usermanager.get_all_roles(module.host))):append(array(openid_claims:items()));
 				response_types_supported = array(it.keys(response_type_handlers));
+				token_endpoint_auth_methods_supported = array({ "client_secret_post"; "client_secret_basic" });
 				code_challenge_methods_supported = array(it.keys(verifier_transforms));
 				authorization_response_iss_parameter_supported = true;