Software /
code /
prosody-modules
Comparison
mod_http_oauth2/README.markdown @ 5493:cae3bb3dd45f
mod_http_oauth2: Document client registration requirements
Because they go a bit further than the basics in the RFC
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Fri, 26 May 2023 15:48:02 +0200 |
parent | 5467:1c78a97a1091 |
child | 5494:1bcf755c7bae |
comparison
equal
deleted
inserted
replaced
5492:b6af4d1ff8c1 | 5493:cae3bb3dd45f |
---|---|
105 oauth2_registration_key = "securely generated JWT key here" | 105 oauth2_registration_key = "securely generated JWT key here" |
106 oauth2_registration_algorithm = "HS256" | 106 oauth2_registration_algorithm = "HS256" |
107 oauth2_registration_ttl = nil -- unlimited by default | 107 oauth2_registration_ttl = nil -- unlimited by default |
108 ``` | 108 ``` |
109 | 109 |
110 Registering a client is described in | |
111 [RFC7591](https://www.rfc-editor.org/rfc/rfc7591.html). | |
112 | |
113 In addition to the requirements in the RFC, the following requirements | |
114 are enforced: | |
115 | |
116 - `client_name` and `client_uri` **MUST** be present. | |
117 - `client_uri` **MUST** be a `https://` URL. | |
118 - `redirect_uris` **MUST** contain at least one valid URI. | |
119 - If `application_type` equals `web` (or is not included) then all | |
120 `redirect_uris` **MUST** be `https://` URIs and **MUST** use the | |
121 same hostname part as the `client_uri`. | |
122 - If `application_type` equals `native` then all `redirect_uris` | |
123 **MUST** match one of: | |
124 - Loopback `http://` URI, e.g. `https://127.0.0.1:8080/` | |
125 - Application-specific scheme, e.g. `com.example.app:/` | |
126 - The special OOB URI `urn:ietf:wg:oauth:2.0:oob` | |
127 - Informative URIs such as policy and terms of service **MUST** use | |
128 the same scheme (i.e. `https://`) and hostname as the `client_uri`. | |
129 | |
110 ### Supported flows | 130 ### Supported flows |
111 | 131 |
112 Various flows can be disabled and enabled with | 132 Various flows can be disabled and enabled with |
113 `allowed_oauth2_grant_types` and `allowed_oauth2_response_types`: | 133 `allowed_oauth2_grant_types` and `allowed_oauth2_response_types`: |
114 | 134 |