Changeset

5474:d0b93105b289

mod_http_oauth2: Don't return redirects or HTML from token endpoint These are used by the client, not the user, so makes more sense to return JSON directly instead of a redirect or HTML error page when .
author Kim Alvefur <zash@zash.se>
date Thu, 18 May 2023 13:41:23 +0200
parents 5473:e4382f6e3564
children 5475:022733437fef
files mod_http_oauth2/mod_http_oauth2.lua
diffstat 1 files changed, 2 insertions(+), 2 deletions(-) [+]
line wrap: on
line diff
--- a/mod_http_oauth2/mod_http_oauth2.lua	Thu May 18 13:27:27 2023 +0200
+++ b/mod_http_oauth2/mod_http_oauth2.lua	Thu May 18 13:41:23 2023 +0200
@@ -664,7 +664,7 @@
 	event.response.headers.content_type = "application/json";
 	local params = http.formdecode(event.request.body);
 	if not params then
-		return error_response(event.request, oauth_error("invalid_request"));
+		return oauth_error("invalid_request");
 	end
 
 	if credentials and credentials.type == "basic" then
@@ -676,7 +676,7 @@
 	local grant_type = params.grant_type
 	local grant_handler = grant_type_handlers[grant_type];
 	if not grant_handler then
-		return error_response(event.request, oauth_error("unsupported_grant_type"));
+		return oauth_error("invalid_request");
 	end
 	return grant_handler(params);
 end