Diff

mod_http_oauth2/mod_http_oauth2.lua @ 5355:41a418ebc60b

mod_http_oauth2: Enforce https requirement on TOS URI In create_client() it validates that all fields with format=uri are https and match the client_uri host.
author Kim Alvefur <zash@zash.se>
date Sat, 22 Apr 2023 12:02:01 +0200
parent 5354:39d59d857bfb
child 5356:959dc350f2ad
line wrap: on
line diff
--- a/mod_http_oauth2/mod_http_oauth2.lua	Sat Apr 22 11:59:52 2023 +0200
+++ b/mod_http_oauth2/mod_http_oauth2.lua	Sat Apr 22 12:02:01 2023 +0200
@@ -662,7 +662,7 @@
 		logo_uri = { type = "string"; format = "uri" };
 		scope = { type = "string" };
 		contacts = { type = "array"; items = { type = "string" } };
-		tos_uri = { type = "string" };
+		tos_uri = { type = "string"; format = "uri" };
 		policy_uri = { type = "string"; format = "uri" };
 		jwks_uri = { type = "string"; format = "uri" };
 		jwks = { type = "object"; description = "JSON Web Key Set, RFC 7517" };