Comparison

mod_http_oauth2/mod_http_oauth2.lua @ 5385:544b92750a2a

mod_http_oauth2: Advertise supported token endpoint auth methods
author Kim Alvefur <zash@zash.se>
date Sat, 29 Apr 2023 13:23:30 +0200
parent 5384:b40f29ec391a
child 5386:6f13200c9fc1
comparison
equal deleted inserted replaced
5384:b40f29ec391a 5385:544b92750a2a
580 if not params then 580 if not params then
581 return error_response(event.request, oauth_error("invalid_request")); 581 return error_response(event.request, oauth_error("invalid_request"));
582 end 582 end
583 583
584 if credentials and credentials.type == "basic" then 584 if credentials and credentials.type == "basic" then
585 -- client_secret_basic converted internally to client_secret_post
585 params.client_id = http.urldecode(credentials.username); 586 params.client_id = http.urldecode(credentials.username);
586 params.client_secret = http.urldecode(credentials.password); 587 params.client_secret = http.urldecode(credentials.password);
587 end 588 end
588 589
589 local grant_type = params.grant_type 590 local grant_type = params.grant_type
944 token_endpoint = handle_token_grant and module:http_url() .. "/token" or nil; 945 token_endpoint = handle_token_grant and module:http_url() .. "/token" or nil;
945 jwks_uri = nil; -- TODO? 946 jwks_uri = nil; -- TODO?
946 registration_endpoint = handle_register_request and module:http_url() .. "/register" or nil; 947 registration_endpoint = handle_register_request and module:http_url() .. "/register" or nil;
947 scopes_supported = usermanager.get_all_roles and array(it.keys(usermanager.get_all_roles(module.host))):append(array(openid_claims:items())); 948 scopes_supported = usermanager.get_all_roles and array(it.keys(usermanager.get_all_roles(module.host))):append(array(openid_claims:items()));
948 response_types_supported = array(it.keys(response_type_handlers)); 949 response_types_supported = array(it.keys(response_type_handlers));
950 token_endpoint_auth_methods_supported = array({ "client_secret_post"; "client_secret_basic" });
949 code_challenge_methods_supported = array(it.keys(verifier_transforms)); 951 code_challenge_methods_supported = array(it.keys(verifier_transforms));
950 authorization_response_iss_parameter_supported = true; 952 authorization_response_iss_parameter_supported = true;
951 953
952 -- OpenID 954 -- OpenID
953 userinfo_endpoint = handle_register_request and module:http_url() .. "/userinfo" or nil; 955 userinfo_endpoint = handle_register_request and module:http_url() .. "/userinfo" or nil;