Changeset

5346:d9bc8712a745

mod_auth_oauth_external: Allow setting identity instead of discovery URL Shorter and the .well-known part is, well, well-known.
author Kim Alvefur <zash@zash.se>
date Thu, 16 Mar 2023 13:04:13 +0100
parents 5345:3390bb2f9f6c
children 5347:a0074038696f
files mod_auth_oauth_external/README.md mod_auth_oauth_external/mod_auth_oauth_external.lua
diffstat 2 files changed, 8 insertions(+), 3 deletions(-) [+]
line wrap: on
line diff
--- a/mod_auth_oauth_external/README.md	Thu Mar 16 12:45:52 2023 +0100
+++ b/mod_auth_oauth_external/README.md	Thu Mar 16 13:04:13 2023 +0100
@@ -20,11 +20,15 @@
 
 # Configuration
 
+`oauth_external_issuer`
+:   Optional URL string representing the Authorization server identity.
+
 `oauth_external_discovery_url`
 :   Optional URL string pointing to [OAuth 2.0 Authorization Server
     Metadata](https://oauth.net/2/authorization-server-metadata/). Lets
     clients discover where they should retrieve access tokens from if
-    they don't have one yet.
+    they don't have one yet. Default based on `oauth_external_issuer` is
+    set, otherwise empty.
 
 `oauth_external_validation_endpoint`
 :   URL string. The token validation endpoint, should validate the token
--- a/mod_auth_oauth_external/mod_auth_oauth_external.lua	Thu Mar 16 12:45:52 2023 +0100
+++ b/mod_auth_oauth_external/mod_auth_oauth_external.lua	Thu Mar 16 13:04:13 2023 +0100
@@ -3,8 +3,9 @@
 local json = require "util.json";
 local sasl = require "util.sasl";
 
--- TODO -- local issuer_identity = module:get_option_string("oauth_external_issuer");
-local oidc_discovery_url = module:get_option_string("oauth_external_discovery_url")
+local issuer_identity = module:get_option_string("oauth_external_issuer");
+local oidc_discovery_url = module:get_option_string("oauth_external_discovery_url",
+	issuer_identity and issuer_identity .. "/.well-known/oauth-authorization-server" or nil);
 local validation_endpoint = module:get_option_string("oauth_external_validation_endpoint");
 local token_endpoint = module:get_option_string("oauth_external_token_endpoint");