mod_http_oauth2/README.markdown @ 5506:37621c6e5c08
mod_http_oauth2: Restructure description of client metadata requirements
Previously quite a compact block of text, maybe this is easier to read.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Thu, 01 Jun 2023 19:55:36 +0200 |
parent | 5505:efe9e741f222 |
child | 5507:209299fd81e1 |
5505:efe9e741f222 | 5506:37621c6e5c08 |
---|---|
111 [RFC7591](https://www.rfc-editor.org/rfc/rfc7591.html). | 111 [RFC7591](https://www.rfc-editor.org/rfc/rfc7591.html). |
112 | 112 |
113 In addition to the requirements in the RFC, the following requirements | 113 In addition to the requirements in the RFC, the following requirements |
114 are enforced: | 114 are enforced: |
115 | 115 |
116 - `client_name` and `client_uri` **MUST** be present. | 116 `client_name` |
117 - `client_uri` **MUST** be a `https://` URL. | 117 : **MUST** be present, is shown to users in consent screen. |
118 - `redirect_uris` **MUST** contain at least one valid URI. | 118 |
119 - If `application_type` equals `web` (or is not included) then all | 119 `client_uri` |
120 `redirect_uris` **MUST** be `https://` URIs and **MUST** use the | 120 : **MUST** be present and **MUST** be a `https://` URL. |
121 same hostname part as the `client_uri`. | 121 |
122 - If `application_type` equals `native` then all `redirect_uris` | 122 `redirect_uris` |
123 **MUST** match one of: | 123 |
124 - Loopback HTTP URI, e.g. `http://127.0.0.1/` or `http://[::1]` | 124 : **MUST** contain at least one valid URI. Different rules apply |
125 - Application-specific scheme, e.g. `com.example.app:/` | 125 depending on the value of `application_type`: |
126 - The special OOB URI `urn:ietf:wg:oauth:2.0:oob` | 126 |
127 - Informative URIs such as policy and terms of service **MUST** use | 127 `web` |
128 the same scheme (i.e. `https://`) and hostname as the `client_uri`. | 128 : `redirect_uris` **MUST** match one of: - Loopback HTTP URI, |
129 e.g. `http://127.0.0.1/` or `http://[::1]` - | |
130 Application-specific scheme, e.g. `com.example.app:/` - The | |
131 special OOB URI `urn:ietf:wg:oauth:2.0:oob` | |
132 | |
133 `application_type` | |
134 | |
135 : Optional, defaults to `web`. Determines further restrictions for | |
136 `redirect_uris`. The following values are supported: | |
137 | |
138 `web` *(default)* | |
139 : For web clients. | |
140 | |
141 `native` | |
142 : For native e.g. desktop clients etc. | |
143 | |
144 `tos_uri`, `policy_uri` | |
145 : Informative URLs pointing to Terms of Service and Service Policy | |
146 document **MUST** use the same scheme (i.e. `https://`) and hostname | |
147 as the `client_uri`. | |
129 | 148 |
130 #### Registration Example | 149 #### Registration Example |
131 | 150 |
132 In short registration works by POST-ing a JSON structure describing your | 151 In short registration works by POST-ing a JSON structure describing your |
133 client to an endpoint: | 152 client to an endpoint: |
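Review bot: In the new `redirect_uris` entry (new lines 127-131), the `web` label is followed by the loopback HTTP / application-specific scheme / OOB alternatives, which the old text (old lines 122-126) gave for `application_type` equal to `native`. The old `web` rule, that all `redirect_uris` **MUST** be `https://` URIs and **MUST** use the same hostname part as the `client_uri` (old lines 119-121), does not appear anywhere on the new side, and there is no `native` sub-entry under `redirect_uris`. Read literally, the new README tells web clients they may register loopback and custom-scheme redirects and no longer documents the same-host HTTPS requirement, so the documented policy is looser than what the old text described. Suggest two sub-entries under `redirect_uris`: `web` carrying the `https://` and same-hostname requirement, and `native` carrying the three alternatives. Separately, the three alternatives have been reflowed into one paragraph with inline ` - ` separators (new lines 128-131), so they will not render as a list; put each item on its own line, indented under the definition. Minor: in new line 117, "is shown to users in consent screen" would read better as "shown to users in the consent screen".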