mod_http_oauth2/README.markdown @ 5493:cae3bb3dd45f
mod_http_oauth2: Document client registration requirements
Because they go a bit further than the basics in the RFC
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Fri, 26 May 2023 15:48:02 +0200 |
| parent | 5467:1c78a97a1091 |
| child | 5494:1bcf755c7bae |
--- a/mod_http_oauth2/README.markdown Fri May 26 15:38:38 2023 +0200 +++ b/mod_http_oauth2/README.markdown Fri May 26 15:48:02 2023 +0200 @@ -107,6 +107,26 @@ oauth2_registration_ttl = nil -- unlimited by default ``` +Registering a client is described in +[RFC7591](https://www.rfc-editor.org/rfc/rfc7591.html). + +In addition to the requirements in the RFC, the following requirements +are enforced: + +- `client_name` and `client_uri` **MUST** be present. +- `client_uri` **MUST** be a `https://` URL. +- `redirect_uris` **MUST** contain at least one valid URI. +- If `application_type` equals `web` (or is not included) then all + `redirect_uris` **MUST** be `https://` URIs and **MUST** use the + same hostname part as the `client_uri`. +- If `application_type` equals `native` then all `redirect_uris` + **MUST** match one of: + - Loopback `http://` URI, e.g. `https://127.0.0.1:8080/` + - Application-specific scheme, e.g. `com.example.app:/` + - The special OOB URI `urn:ietf:wg:oauth:2.0:oob` +- Informative URIs such as policy and terms of service **MUST** use + the same scheme (i.e. `https://`) and hostname as the `client_uri`. + ### Supported flows Various flows can be disabled and enabled with
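Review bot: the loopback example in the `native` bullet contradicts the rule it illustrates: the text says "Loopback `http://` URI" but the example reads `https://127.0.0.1:8080/`. Change it to `http://127.0.0.1:8080/`, which is the form RFC 8252 describes for loopback redirection and presumably what the check accepts. While here, it would help readers to say whether the loopback rule also covers `[::1]` and `localhost`, since `127.0.0.1` is the only form shown, and to note that the OOB URI `urn:ietf:wg:oauth:2.0:oob` is listed for compatibility rather than recommended, given that the surrounding rules otherwise steer clients toward HTTPS redirect targets bound to the `client_uri` host.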