Mercurial > prosody-modules
comparison mod_http_oauth2/mod_http_oauth2.lua @ 5221:22483cfce3ce
mod_http_oauth2: Reflect ALL attributes of the client registration
Per RFC 7591:
"
Additionally, the authorization server MUST return all registered
metadata about this client, including any fields provisioned by the
authorization server itself.
"
The idea is that the server may replace/drop fields in the registration, so
what gets reflected back to the client is the source of truth about the
registration.
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Tue, 07 Mar 2023 14:52:43 +0000 |
| parents | 25e824f64fd3 |
| children | 578a72982bb2 |
comparison
equal
deleted
inserted
replaced
| 5220:d03448560acf | 5221:22483cfce3ce |
|---|---|
| 562 | 562 |
| 563 -- Do we want to keep everything? | 563 -- Do we want to keep everything? |
| 564 local client_id = jwt_sign(client_metadata); | 564 local client_id = jwt_sign(client_metadata); |
| 565 local client_secret = make_secret(client_id); | 565 local client_secret = make_secret(client_id); |
| 566 | 566 |
| 567 local client_desc = { | 567 client_metadata.client_id = client_id; |
| 568 client_id = client_id; | 568 client_metadata.client_secret = client_secret; |
| 569 client_secret = client_secret; | 569 client_metadata.client_id_issued_at = os.time(); |
| 570 client_id_issued_at = os.time(); | 570 client_metadata.client_secret_expires_at = 0; |
| 571 client_secret_expires_at = 0; | 571 |
| 572 } | |
| 573 if not registration_options.accept_expired then | 572 if not registration_options.accept_expired then |
| 574 client_desc.client_secret_expires_at = client_desc.client_id_issued_at + (registration_options.default_ttl or 3600); | 573 client_metadata.client_secret_expires_at = client_metadata.client_id_issued_at + (registration_options.default_ttl or 3600); |
| 575 end | 574 end |
| 576 | 575 |
| 577 return { | 576 return { |
| 578 status_code = 201; | 577 status_code = 201; |
| 579 headers = { content_type = "application/json" }; | 578 headers = { content_type = "application/json" }; |
| 580 body = json.encode(client_desc); | 579 body = json.encode(client_metadata); |
| 581 }; | 580 }; |
| 582 end | 581 end |
| 583 | 582 |
| 584 if not registration_key then | 583 if not registration_key then |
| 585 module:log("info", "No 'oauth2_registration_key', dynamic client registration disabled") | 584 module:log("info", "No 'oauth2_registration_key', dynamic client registration disabled") |
