Mercurial > prosody-modules
comparison mod_http_oauth2/mod_http_oauth2.lua @ 6247:7cf1fcac9b94
mod_http_oauth2: Reorder metadata by source
Following the order in which field are described in each specification.
Also fills in `nil` fields that are defined but not used in this module.
Tweaks some values to reflect current behavior.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sat, 07 Jun 2025 22:02:18 +0200 |
| parents | 7e4238d2989c |
| children | 28fd42866be9 |
comparison
equal
deleted
inserted
replaced
| 6246:5955ec5c173e | 6247:7cf1fcac9b94 |
|---|---|
| 1687 authorization_server_metadata = { | 1687 authorization_server_metadata = { |
| 1688 -- RFC 8414: OAuth 2.0 Authorization Server Metadata | 1688 -- RFC 8414: OAuth 2.0 Authorization Server Metadata |
| 1689 issuer = get_issuer(); | 1689 issuer = get_issuer(); |
| 1690 authorization_endpoint = handle_authorization_request and module:http_url() .. "/authorize" or nil; | 1690 authorization_endpoint = handle_authorization_request and module:http_url() .. "/authorize" or nil; |
| 1691 token_endpoint = handle_token_grant and module:http_url() .. "/token" or nil; | 1691 token_endpoint = handle_token_grant and module:http_url() .. "/token" or nil; |
| 1692 jwks_uri = nil; -- REQUIRED in OpenID Discovery but not in OAuth 2.0 Metadata | |
| 1692 registration_endpoint = handle_register_request and module:http_url() .. "/register" or nil; | 1693 registration_endpoint = handle_register_request and module:http_url() .. "/register" or nil; |
| 1693 scopes_supported = usermanager.get_all_roles | 1694 scopes_supported = usermanager.get_all_roles |
| 1694 and array(it.keys(usermanager.get_all_roles(module.host))):push("xmpp"):append(array(openid_claims:items())); | 1695 and array(it.keys(usermanager.get_all_roles(module.host))):push("xmpp"):append(array(openid_claims:items())); |
| 1695 response_types_supported = array(it.keys(response_type_handlers)); | 1696 response_types_supported = array(it.keys(response_type_handlers)); |
| 1696 token_endpoint_auth_methods_supported = array({ "client_secret_post"; "client_secret_basic" }); | 1697 response_modes_supported = array(it.keys(response_type_handlers)):map(tmap { token = "fragment"; code = "query" }); |
| 1698 grant_types_supported = array(it.keys(grant_type_handlers)); | |
| 1699 token_endpoint_auth_methods_supported = array({ "client_secret_basic"; "client_secret_post"; "none" }); | |
| 1700 token_endpoint_auth_signing_alg_values_supported = nil; | |
| 1701 service_documentation = module:get_option_string("oauth2_service_documentation", "https://modules.prosody.im/mod_http_oauth2.html"); | |
| 1702 ui_locales_supported = allowed_locales[1] and allowed_locales; | |
| 1697 op_policy_uri = module:get_option_string("oauth2_policy_url", nil); | 1703 op_policy_uri = module:get_option_string("oauth2_policy_url", nil); |
| 1698 op_tos_uri = module:get_option_string("oauth2_terms_url", nil); | 1704 op_tos_uri = module:get_option_string("oauth2_terms_url", nil); |
| 1699 revocation_endpoint = handle_revocation_request and module:http_url() .. "/revoke" or nil; | 1705 revocation_endpoint = handle_revocation_request and module:http_url() .. "/revoke" or nil; |
| 1700 revocation_endpoint_auth_methods_supported = array({ "client_secret_basic" }); | 1706 revocation_endpoint_auth_methods_supported = array({ "client_secret_basic"; "client_secret_post"; "none" }); |
| 1701 device_authorization_endpoint = handle_device_authorization_request and module:http_url() .. "/device"; | 1707 revocation_endpoint_auth_signing_alg_values_supported = nil; |
| 1702 introspection_endpoint = handle_introspection_request and module:http_url() .. "/introspect"; | 1708 introspection_endpoint = handle_introspection_request and module:http_url() .. "/introspect"; |
| 1703 introspection_endpoint_auth_methods_supported = nil; | 1709 introspection_endpoint_auth_methods_supported = nil; |
| 1710 introspection_endpoint_auth_signing_alg_values_supported = nil; | |
| 1704 code_challenge_methods_supported = array(it.keys(verifier_transforms)); | 1711 code_challenge_methods_supported = array(it.keys(verifier_transforms)); |
| 1705 grant_types_supported = array(it.keys(grant_type_handlers)); | 1712 |
| 1706 response_modes_supported = array(it.keys(response_type_handlers)):map(tmap { token = "fragment"; code = "query" }); | 1713 -- RFC 8628: OAuth 2.0 Device Authorization Grant |
| 1714 device_authorization_endpoint = handle_device_authorization_request and module:http_url() .. "/device"; | |
| 1715 | |
| 1716 -- RFC 9207: OAuth 2.0 Authorization Server Issuer Identification | |
| 1707 authorization_response_iss_parameter_supported = true; | 1717 authorization_response_iss_parameter_supported = true; |
| 1708 service_documentation = module:get_option_string("oauth2_service_documentation", "https://modules.prosody.im/mod_http_oauth2.html"); | 1718 |
| 1709 ui_locales_supported = allowed_locales[1] and allowed_locales; | 1719 -- OpenID Connect Discovery 1.0 |
| 1710 | |
| 1711 -- OpenID | |
| 1712 userinfo_endpoint = handle_userinfo_request and module:http_url() .. "/userinfo" or nil; | 1720 userinfo_endpoint = handle_userinfo_request and module:http_url() .. "/userinfo" or nil; |
| 1713 jwks_uri = nil; -- REQUIRED in OpenID Discovery but not in OAuth 2.0 Metadata | |
| 1714 id_token_signing_alg_values_supported = { "HS256" }; -- The algorithm RS256 MUST be included, but we use HS256 and client_secret as shared key. | 1721 id_token_signing_alg_values_supported = { "HS256" }; -- The algorithm RS256 MUST be included, but we use HS256 and client_secret as shared key. |
| 1715 } | 1722 } |
| 1716 return authorization_server_metadata; | 1723 return authorization_server_metadata; |
| 1717 end | 1724 end |
| 1718 | 1725 |
