# HG changeset patch
# User Kim Alvefur <zash@zash.se>
# Date 1748962747 -7200
# Node ID ef81c67e1ae7c8bae5cd5f85f27d363cea72bdfa
# Parent  b460b2a65f0b4af3f4e4b9a8be57cfef46c7a2ce
mod_http_oauth2: Allow zero response types (e.g. with the password grant)

diff -r b460b2a65f0b -r ef81c67e1ae7 mod_http_oauth2/mod_http_oauth2.lua
--- a/mod_http_oauth2/mod_http_oauth2.lua	Tue Jun 03 01:11:37 2025 +0200
+++ b/mod_http_oauth2/mod_http_oauth2.lua	Tue Jun 03 16:59:07 2025 +0200
@@ -1298,7 +1298,6 @@
 		response_types = {
 			title = "Response Types";
 			type = "array";
-			minItems = 1;
 			uniqueItems = true;
 			items = { type = "string"; enum = { "code"; "token" } };
 			default = { "code" };
@@ -1470,8 +1469,6 @@
 
 	if set.intersection(grant_types, allowed_grant_type_handlers):empty() then
 		return nil, oauth_error("invalid_client_metadata", "No allowed 'grant_types' specified");
-	elseif set.intersection(response_types, allowed_response_type_handlers):empty() then
-		return nil, oauth_error("invalid_client_metadata", "No allowed 'response_types' specified");
 	end
 
 	if client_metadata.token_endpoint_auth_method ~= "none" then