# HG changeset patch
# User Kim Alvefur <zash@zash.se>
# Date 1679431502 -3600
# Node ID 381c62ef52aa6bf0ecaff138cb1234b424f64ea5
# Parent  e73f364b56245f830c88db32daa8c8e2b085bf38
mod_http_oauth2: Group metadata section into OAuth and OpenID

Could easily be confusing otherwise if you're reading one spec and see
properties not defined there.

diff -r e73f364b5624 -r 381c62ef52aa mod_http_oauth2/mod_http_oauth2.lua
--- a/mod_http_oauth2/mod_http_oauth2.lua	Tue Mar 21 21:36:54 2023 +0100
+++ b/mod_http_oauth2/mod_http_oauth2.lua	Tue Mar 21 21:45:02 2023 +0100
@@ -792,16 +792,19 @@
 		["GET"] = {
 			headers = { content_type = "application/json" };
 			body = json.encode {
+				-- RFC 8414: OAuth 2.0 Authorization Server Metadata
 				issuer = get_issuer();
 				authorization_endpoint = handle_authorization_request and module:http_url() .. "/authorize" or nil;
 				token_endpoint = handle_token_grant and module:http_url() .. "/token" or nil;
 				jwks_uri = nil; -- TODO?
-				userinfo_endpoint = handle_register_request and module:http_url() .. "/userinfo" or nil;
 				registration_endpoint = handle_register_request and module:http_url() .. "/register" or nil;
 				scopes_supported = usermanager.get_all_roles and array(it.keys(usermanager.get_all_roles(module.host))):push("openid")
 					or { "prosody:restricted"; "prosody:user"; "prosody:admin"; "prosody:operator"; "openid" };
 				response_types_supported = array(it.keys(response_type_handlers));
 				authorization_response_iss_parameter_supported = true;
+
+				-- OpenID
+				userinfo_endpoint = handle_register_request and module:http_url() .. "/userinfo" or nil;
 			};
 		};
 	};