changeset 5633:dd2079b3dec6
mod_http_oauth2: Allow omitting application type for native apps
This derives "application_type":"native" from the first redirect URI
when registering a client, so that it can be omitted without the default
value of "web" causing the very same redirect URIs to be rejected.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Wed, 16 Aug 2023 23:56:40 +0200 (16 months ago) |
parents | 1571c280aaef |
children | f3b7e05c74a9 |
files | mod_http_oauth2/mod_http_oauth2.lua |
diffstat | 1 files changed, 10 insertions(+), 5 deletions(-) [+] |
--- a/mod_http_oauth2/mod_http_oauth2.lua Wed Aug 16 11:17:28 2023 +0200
+++ b/mod_http_oauth2/mod_http_oauth2.lua Wed Aug 16 23:56:40 2023 +0200
@@ -1236,6 +1236,16 @@
 return nil, oauth_error("invalid_request", "Failed schema validation.");
 end
+ local client_uri = url.parse(client_metadata.client_uri);
+ if not client_uri or client_uri.scheme ~= "https" or loopbacks:contains(client_uri.host) then
+ return nil, oauth_error("invalid_client_metadata", "Missing, invalid or insecure client_uri");
+ end
+
+ if not client_metadata.application_type and redirect_uri_allowed(client_metadata.redirect_uris[1], client_uri, "native") then
+ client_metadata.application_type = "native";
+ -- else defaults to "web"
+ end
+
 -- Fill in default values
 for propname, propspec in pairs(registration_schema.properties) do
 if client_metadata[propname] == nil and type(propspec) == "table" and propspec.default ~= nil then
@@ -1250,11 +1260,6 @@
 end
 end
- local client_uri = url.parse(client_metadata.client_uri);
- if not client_uri or client_uri.scheme ~= "https" or loopbacks:contains(client_uri.host) then
- return nil, oauth_error("invalid_client_metadata", "Missing, invalid or insecure client_uri");
- end
-
 for _, redirect_uri in ipairs(client_metadata.redirect_uris) do
 if not redirect_uri_allowed(redirect_uri, client_uri, client_metadata.application_type) then
 return nil, oauth_error("invalid_redirect_uri", "Invalid, insecure or inappropriate redirect URI.");
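Review bot: The added test `if not client_metadata.application_type and redirect_uri_allowed(client_metadata.redirect_uris[1], client_uri, "native")` lets a single client-supplied URI choose the redirect rule set for the whole registration, and nothing in the hunk says why that is safe. It holds only if every remaining URI is still checked against the derived type (the `for _, redirect_uri in ipairs(...)` loop further down does that) and if the "native" branch of redirect_uri_allowed, which is not visible here, never accepts a URI the "web" rules would also accept; otherwise a web client that omits the field would be silently registered as native. I would state that above the test, e.g. `-- Only the first URI is used to infer the type; every URI is re-checked against it below`, and move `-- else defaults to "web"` out of the if-body, where it reads as a note on the assignment. If the native rules can overlap with the web ones, adding `and not redirect_uri_allowed(client_metadata.redirect_uris[1], client_uri, "web")` to the condition keeps "web" as the default for ambiguous input. The enclosing function starts and ends outside the hunk.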