changeset 5463:dacde53467f3

mod_http_oauth2: Proper OAuth error for invalid redirect URI in implicit flow too
author Kim Alvefur <zash@zash.se>
date Wed, 17 May 2023 16:40:07 +0200
parents f6d8830a83fe
children 2a11f590c5c8
files mod_http_oauth2/mod_http_oauth2.lua
diffstat 1 files changed, 1 insertions(+), 1 deletions(-) [+]
line wrap: on
line diff
--- a/mod_http_oauth2/mod_http_oauth2.lua	Wed May 17 16:34:19 2023 +0200
+++ b/mod_http_oauth2/mod_http_oauth2.lua	Wed May 17 16:40:07 2023 +0200
@@ -369,7 +369,7 @@
 	local token_info = new_access_token(granted_jid, granted_role, granted_scopes, client, nil);
 
 	local redirect = url.parse(get_redirect_uri(client, params.redirect_uri));
-	if not redirect then return 400; end
+	if not redirect then return oauth_error("invalid_redirect_uri"); end
 	token_info.state = params.state;
 	redirect.fragment = http.formencode(token_info);