Software / code / prosody-modules
Changeset
6327:578fa5d97daa
mod_http_oauth2: Avoid tripping on redirect URIs when omitted
Since device clients don't need to include redirect_uris, this function
needs to handle that case and not try to index the missing array.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Thu, 03 Jul 2025 16:18:38 +0200 |
| parents | 6326:17d9533f7596 |
| children | 6328:887ed0f6e275 |
| files | mod_http_oauth2/mod_http_oauth2.lua |
| diffstat | 1 files changed, 3 insertions(+), 1 deletions(-) [+] |
line wrap: on
line diff
--- a/mod_http_oauth2/mod_http_oauth2.lua Thu Jul 03 15:45:00 2025 +0200 +++ b/mod_http_oauth2/mod_http_oauth2.lua Thu Jul 03 16:18:38 2025 +0200 @@ -381,7 +381,9 @@ end -- Tried to use device authorization flow without registering it. return; - elseif not query_redirect_uri and client.redirect_uris then + elseif not client.redirect_uris then + return; + elseif not query_redirect_uri then if #client.redirect_uris ~= 1 then -- Client registered multiple URIs, it needs specify which one to use return;
