mod_http_oauth2/mod_http_oauth2.lua @ 5366:db4c66a1d24b
mod_http_oauth2: Fill in some client metadata defaults
Explicit > Implicit
Maybe we should actually use these for something as well? :)
It is somewhat of an open question how strictly we should enforce
things in the client metadata, given that it is somewhat extensible.
Especially some of these enum fields which have corresponding IANA
registries.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Tue, 25 Apr 2023 18:09:08 +0200 |
parent | 5365:698fef74ce53 |
child | 5367:93d445b26063 |
--- a/mod_http_oauth2/mod_http_oauth2.lua Tue Apr 25 17:38:36 2023 +0200
+++ b/mod_http_oauth2/mod_http_oauth2.lua Tue Apr 25 18:09:08 2023 +0200
@@ -640,7 +640,7 @@
 };
 properties = {
 redirect_uris = { type = "array"; minLength = 1; items = { type = "string"; format = "uri" } };
- token_endpoint_auth_method = { type = "string"; enum = { "none"; "client_secret_post"; "client_secret_basic" } };
+ token_endpoint_auth_method = { type = "string"; enum = { "none"; "client_secret_post"; "client_secret_basic"; default = "client_secret_basic" } };
 grant_types = {
 type = "array";
 items = {
@@ -655,8 +655,9 @@
 "urn:ietf:params:oauth:grant-type:saml2-bearer";
 };
 };
+ default = { "authorization_code" };
 };
- response_types = { type = "array"; items = { type = "string"; enum = { "code"; "token" } } };
+ response_types = { type = "array"; items = { type = "string"; enum = { "code"; "token" } }; default = { "code" } };
 client_name = { type = "string" };
 client_uri = { type = "string"; format = "uri"; luaPattern = "^https:" };
 logo_uri = { type = "string"; format = "uri"; luaPattern = "^https:" };
@@ -681,6 +682,13 @@
 return nil, oauth_error("invalid_request", "Failed schema validation.");
 end
 
+ -- Fill in default values
+ for propname, propspec in pairs(registration_schema.properties) do
+ if client_metadata[propname] == nil and type(propspec) == "table" and propspec.default ~= nil then
+ client_metadata[propname] = propspec.default;
+ end
+ end
+
 local client_uri = url.parse(client_metadata.client_uri);
 if not client_uri or client_uri.scheme ~= "https" then
 return nil, oauth_error("invalid_request", "Missing, invalid or insecure client_uri");
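Review bot: The `default` key on the new `token_endpoint_auth_method` line is written inside the `enum` table rather than on the property spec, so the fill-in loop added in the third hunk reads `propspec.default` as nil and never applies it. A client that registers without this field therefore keeps no explicit authentication method, and any later check that compares against the stored value would see nil instead of `client_secret_basic`. Close the enum table before the default: `token_endpoint_auth_method = { type = "string"; enum = { "none"; "client_secret_post"; "client_secret_basic" }; default = "client_secret_basic" };`. The surrounding schema table starts and ends outside this hunk.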
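Review bot: The defaults for `grant_types` and `response_types` are applied independently of each other, so a registration that supplies only one of the two can end up with a pair that does not match. RFC 7591 section 2.1 asks the server to keep these two fields consistent, and the full `grant_types` enum is not visible in this hunk, so which combinations can occur here is inferred. If these values are later used for enforcement, a comment next to the defaults such as `-- defaults per RFC 7591; grant_types/response_types consistency is not checked yet` would record the gap.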
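Review bot: `client_metadata[propname] = propspec.default;` stores the schema's own table for the array-valued defaults (`{ "authorization_code" }`, `{ "code" }`), so every client registered without those fields shares one table with `registration_schema`. If any later code modifies a client's `grant_types` or `response_types` in place, the change would leak into the schema default and into every other such client. Assigning a fresh copy when the default is a table avoids that; whether anything mutates the metadata afterwards is not visible here. The loop also runs after schema validation, so the defaults themselves are never validated, which is fine as long as they stay within the enums above. The enclosing function starts and ends outside this hunk.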