Changeset

5506:37621c6e5c08

mod_http_oauth2: Restructure description of client metadata requirements Previously quite a compact block of text, maybe this is easier to read.
author Kim Alvefur <zash@zash.se>
date Thu, 01 Jun 2023 19:55:36 +0200
parents 5505:efe9e741f222
children 5507:209299fd81e1
files mod_http_oauth2/README.markdown
diffstat 1 files changed, 32 insertions(+), 13 deletions(-) [+]
line wrap: on
line diff
--- a/mod_http_oauth2/README.markdown	Thu Jun 01 19:37:17 2023 +0200
+++ b/mod_http_oauth2/README.markdown	Thu Jun 01 19:55:36 2023 +0200
@@ -113,19 +113,38 @@
 In addition to the requirements in the RFC, the following requirements
 are enforced:
 
--   `client_name` and `client_uri` **MUST** be present.
--   `client_uri` **MUST** be a `https://` URL.
--   `redirect_uris` **MUST** contain at least one valid URI.
--   If `application_type` equals `web` (or is not included) then all
-    `redirect_uris` **MUST** be `https://` URIs and **MUST** use the
-    same hostname part as the `client_uri`.
--   If `application_type` equals `native` then all `redirect_uris`
-    **MUST** match one of:
-    -   Loopback HTTP URI, e.g. `http://127.0.0.1/` or `http://[::1]`
-    -   Application-specific scheme, e.g. `com.example.app:/`
-    -   The special OOB URI `urn:ietf:wg:oauth:2.0:oob`
--   Informative URIs such as policy and terms of service **MUST** use
-    the same scheme (i.e. `https://`) and hostname as the `client_uri`.
+`client_name`
+:   **MUST** be present, is shown to users in consent screen.
+
+`client_uri`
+:   **MUST** be present and **MUST** be a `https://` URL.
+
+`redirect_uris`
+
+:   **MUST** contain at least one valid URI. Different rules apply
+    depending on the value of `application_type`:
+
+    `web`
+    :   `redirect_uris` **MUST** match one of: - Loopback HTTP URI,
+        e.g. `http://127.0.0.1/` or `http://[::1]` -
+        Application-specific scheme, e.g. `com.example.app:/` - The
+        special OOB URI `urn:ietf:wg:oauth:2.0:oob`
+
+`application_type`
+
+:   Optional, defaults to `web`. Determines further restrictions for
+    `redirect_uris`. The following values are supported:
+
+    `web` *(default)*
+    :   For web clients.
+
+    `native`
+    :   For native e.g. desktop clients etc.
+
+`tos_uri`, `policy_uri`
+:   Informative URLs pointing to Terms of Service and Service Policy
+    document **MUST** use the same scheme (i.e. `https://`) and hostname
+    as the `client_uri`.
 
 #### Registration Example