Changeset

5200:afed7d5bd65c

mod_http_oauth2: Advertise endpoints that are enabled If you don't set the registration secret, some of these are not actually available, so don't advertise them.
author Kim Alvefur <zash@zash.se>
date Fri, 03 Mar 2023 22:54:46 +0100
parents 5199:f48628dc83f1
children 5201:47576c73eedf
files mod_http_oauth2/mod_http_oauth2.lua
diffstat 1 files changed, 4 insertions(+), 4 deletions(-) [+]
line wrap: on
line diff
--- a/mod_http_oauth2/mod_http_oauth2.lua	Fri Mar 03 22:48:59 2023 +0100
+++ b/mod_http_oauth2/mod_http_oauth2.lua	Fri Mar 03 22:54:46 2023 +0100
@@ -469,12 +469,12 @@
 			headers = { content_type = "application/json" };
 			body = json.encode {
 				issuer = module:http_url(nil, "/");
-				authorization_endpoint = module:http_url() .. "/authorize";
-				token_endpoint = module:http_url() .. "/token";
+				authorization_endpoint = handle_authorization_request and module:http_url() .. "/authorize" or nil;
+				token_endpoint = handle_token_grant and module:http_url() .. "/token" or nil;
 				jwks_uri = nil; -- TODO?
-				registration_endpoint = module:http_url() .. "/register";
+				registration_endpoint = handle_register_request and module:http_url() .. "/register" or nil;
 				scopes_supported = { "prosody:restricted"; "prosody:user"; "prosody:admin"; "prosody:operator" };
-				response_types_supported = { "code"; "token" };
+				response_types_supported = { "code"; "token" }; -- TODO derive from active config
 				authorization_response_iss_parameter_supported = true;
 			};
 		};