changeset 5378:6155c46d9eea

mod_http_oauth2: Record OAuth software id and version attached to tokens Unsure if these are used anywhere, but `software_id` is supposedly more unique than `client_uri` which can vary by registration or something? Software versions can also be good to know e.g. in case there is a security issue affecting certain versions that could warrant revocation of tokens issued to it.
author Kim Alvefur <zash@zash.se>
date Thu, 27 Apr 2023 19:16:14 +0200
parents ca477408f90b
children 36d40f5b81fe
files mod_http_oauth2/mod_http_oauth2.lua
diffstat 1 files changed, 1 insertions(+), 1 deletions(-) [+]
line wrap: on
line diff
--- a/mod_http_oauth2/mod_http_oauth2.lua	Thu Apr 27 19:14:23 2023 +0200
+++ b/mod_http_oauth2/mod_http_oauth2.lua	Thu Apr 27 19:16:14 2023 +0200
@@ -153,7 +153,7 @@
 -- properties that are deemed useful e.g. in case tokens issued to a certain
 -- client needs to be revoked
 local function client_subset(client)
-	return { name = client.client_name; uri = client.client_uri };
+	return { name = client.client_name; uri = client.client_uri; id = client.software_id; version = client.software_version };
 end
 
 local function new_access_token(token_jid, role, scope_string, client, id_token, refresh_token_info)