prosody-modules
578fa5d97daa
mod_http_oauth2/mod_http_oauth2.lua
Software / code / prosody-modules
Comparison
mod_http_oauth2/mod_http_oauth2.lua @ 6327:578fa5d97daa
mod_http_oauth2: Avoid tripping on redirect URIs when omitted
Since device clients don't need to include redirect_uris, this function
needs to handle that case and not try to index the missing array.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Thu, 03 Jul 2025 16:18:38 +0200 |
| parent | 6326:17d9533f7596 |
| child | 6334:9b03238d4e0e |
comparison
equal
deleted
inserted
replaced
| 6326:17d9533f7596 | 6327:578fa5d97daa |
|---|---|
| 379 if array_contains(client.grant_types, device_uri) then | 379 if array_contains(client.grant_types, device_uri) then |
| 380 return query_redirect_uri; | 380 return query_redirect_uri; |
| 381 end | 381 end |
| 382 -- Tried to use device authorization flow without registering it. | 382 -- Tried to use device authorization flow without registering it. |
| 383 return; | 383 return; |
| 384 elseif not query_redirect_uri and client.redirect_uris then | 384 elseif not client.redirect_uris then |
| 385 return; | |
| 386 elseif not query_redirect_uri then | |
| 385 if #client.redirect_uris ~= 1 then | 387 if #client.redirect_uris ~= 1 then |
| 386 -- Client registered multiple URIs, it needs specify which one to use | 388 -- Client registered multiple URIs, it needs specify which one to use |
| 387 return; | 389 return; |
| 388 end | 390 end |
| 389 -- When only a single URI is registered, that's the default | 391 -- When only a single URI is registered, that's the default |
