Changeset

5221:22483cfce3ce

mod_http_oauth2: Reflect ALL attributes of the client registration Per RFC 7591: " Additionally, the authorization server MUST return all registered metadata about this client, including any fields provisioned by the authorization server itself. " The idea is that the server may replace/drop fields in the registration, so what gets reflected back to the client is the source of truth about the registration.
author Matthew Wild <mwild1@gmail.com>
date Tue, 07 Mar 2023 14:52:43 +0000
parents 5220:d03448560acf
children 5222:578a72982bb2
files mod_http_oauth2/mod_http_oauth2.lua
diffstat 1 files changed, 7 insertions(+), 8 deletions(-) [+]
line wrap: on
line diff
--- a/mod_http_oauth2/mod_http_oauth2.lua	Tue Mar 07 14:59:45 2023 +0100
+++ b/mod_http_oauth2/mod_http_oauth2.lua	Tue Mar 07 14:52:43 2023 +0000
@@ -564,20 +564,19 @@
 	local client_id = jwt_sign(client_metadata);
 	local client_secret = make_secret(client_id);
 
-	local client_desc = {
-		client_id = client_id;
-		client_secret = client_secret;
-		client_id_issued_at = os.time();
-		client_secret_expires_at = 0;
-	}
+	client_metadata.client_id = client_id;
+	client_metadata.client_secret = client_secret;
+	client_metadata.client_id_issued_at = os.time();
+	client_metadata.client_secret_expires_at = 0;
+
 	if not registration_options.accept_expired then
-		client_desc.client_secret_expires_at = client_desc.client_id_issued_at + (registration_options.default_ttl or 3600);
+		client_metadata.client_secret_expires_at = client_metadata.client_id_issued_at + (registration_options.default_ttl or 3600);
 	end
 
 	return {
 		status_code = 201;
 		headers = { content_type = "application/json" };
-		body = json.encode(client_desc);
+		body = json.encode(client_metadata);
 	};
 end