1056 end |
1056 end |
1057 return 200; |
1057 return 200; |
1058 end |
1058 end |
1059 |
1059 |
1060 local registration_schema = { |
1060 local registration_schema = { |
|
1061 title = "OAuth 2.0 Dynamic Client Registration Protocol"; |
1061 type = "object"; |
1062 type = "object"; |
1062 required = { |
1063 required = { |
1063 -- These are shown to users in the template |
1064 -- These are shown to users in the template |
1064 "client_name"; |
1065 "client_name"; |
1065 "client_uri"; |
1066 "client_uri"; |
1066 -- We need at least one redirect URI for things to work |
1067 -- We need at least one redirect URI for things to work |
1067 "redirect_uris"; |
1068 "redirect_uris"; |
1068 }; |
1069 }; |
1069 properties = { |
1070 properties = { |
1070 redirect_uris = { type = "array"; minItems = 1; uniqueItems = true; items = { type = "string"; format = "uri" } }; |
1071 redirect_uris = { |
|
1072 title = "List of Redirect URIs"; |
|
1073 type = "array"; |
|
1074 minItems = 1; |
|
1075 uniqueItems = true; |
|
1076 items = { title = "Redirect URI"; type = "string"; format = "uri" }; |
|
1077 }; |
1071 token_endpoint_auth_method = { |
1078 token_endpoint_auth_method = { |
|
1079 title = "Token Endpoint Authentication Method"; |
1072 type = "string"; |
1080 type = "string"; |
1073 enum = { "none"; "client_secret_post"; "client_secret_basic" }; |
1081 enum = { "none"; "client_secret_post"; "client_secret_basic" }; |
1074 default = "client_secret_basic"; |
1082 default = "client_secret_basic"; |
1075 }; |
1083 }; |
1076 grant_types = { |
1084 grant_types = { |
|
1085 title = "Grant Types"; |
1077 type = "array"; |
1086 type = "array"; |
1078 minItems = 1; |
1087 minItems = 1; |
1079 uniqueItems = true; |
1088 uniqueItems = true; |
1080 items = { |
1089 items = { |
1081 type = "string"; |
1090 type = "string"; |
1090 device_uri; |
1099 device_uri; |
1091 }; |
1100 }; |
1092 }; |
1101 }; |
1093 default = { "authorization_code" }; |
1102 default = { "authorization_code" }; |
1094 }; |
1103 }; |
1095 application_type = { type = "string"; enum = { "native"; "web" }; default = "web" }; |
1104 application_type = { |
|
1105 title = "Application Type"; |
|
1106 description = "Determines which kinds of redirect URIs the client may register. \z |
|
1107 The value 'web' limits the client to https:// URLs with the same hostname as in 'client_uri' \z |
|
1108 while the value 'native' allows either loopback http:// URLs or application specific URIs."; |
|
1109 type = "string"; |
|
1110 enum = { "native"; "web" }; |
|
1111 default = "web"; |
|
1112 }; |
1096 response_types = { |
1113 response_types = { |
|
1114 title = "Response Types"; |
1097 type = "array"; |
1115 type = "array"; |
1098 minItems = 1; |
1116 minItems = 1; |
1099 uniqueItems = true; |
1117 uniqueItems = true; |
1100 items = { type = "string"; enum = { "code"; "token" } }; |
1118 items = { type = "string"; enum = { "code"; "token" } }; |
1101 default = { "code" }; |
1119 default = { "code" }; |
1102 }; |
1120 }; |
1103 client_name = { type = "string" }; |
1121 client_name = { |
1104 client_uri = { type = "string"; format = "uri"; pattern = "^https:" }; |
1122 title = "Client Name"; |
1105 logo_uri = { type = "string"; format = "uri"; pattern = "^https:" }; |
1123 description = "Human-readable name of the client, presented to the user in the consent dialog."; |
1106 scope = { type = "string" }; |
1124 type = "string"; |
1107 contacts = { type = "array"; minItems = 1; items = { type = "string"; format = "email" } }; |
1125 }; |
1108 tos_uri = { type = "string"; format = "uri"; pattern = "^https:" }; |
1126 client_uri = { |
1109 policy_uri = { type = "string"; format = "uri"; pattern = "^https:" }; |
1127 title = "Client URL"; |
1110 software_id = { type = "string"; format = "uuid" }; |
1128 description = "Should be an link to a page with information about the client."; |
1111 software_version = { type = "string" }; |
1129 type = "string"; |
|
1130 format = "uri"; |
|
1131 pattern = "^https:"; |
|
1132 }; |
|
1133 logo_uri = { |
|
1134 title = "Logo URL"; |
|
1135 description = "URL to the clients logotype (not currently used)."; |
|
1136 type = "string"; |
|
1137 format = "uri"; |
|
1138 pattern = "^https:"; |
|
1139 }; |
|
1140 scope = { |
|
1141 title = "Scopes"; |
|
1142 description = "Space-separated list of scopes the client promises to restrict itself to."; |
|
1143 type = "string"; |
|
1144 }; |
|
1145 contacts = { |
|
1146 title = "Contact Addresses"; |
|
1147 description = "Addresses, typically email or URLs where the client developers can be contacted."; |
|
1148 type = "array"; |
|
1149 minItems = 1; |
|
1150 items = { type = "string"; format = "email" }; |
|
1151 }; |
|
1152 tos_uri = { |
|
1153 title = "Terms of Service URL"; |
|
1154 description = "Link to Terms of Service for the client, presented to the user in the consent dialog. \z |
|
1155 MUST be a https:// URL with hostname matching that of 'client_uri'."; |
|
1156 type = "string"; |
|
1157 format = "uri"; |
|
1158 pattern = "^https:"; |
|
1159 }; |
|
1160 policy_uri = { |
|
1161 title = "Privacy Policy URL"; |
|
1162 description = "Link to a Privacy Policy for the client. MUST be a https:// URL with hostname matching that of 'client_uri'."; |
|
1163 type = "string"; |
|
1164 format = "uri"; |
|
1165 pattern = "^https:"; |
|
1166 }; |
|
1167 software_id = { |
|
1168 title = "Software ID"; |
|
1169 description = "Unique identifier for the client software, common for all instances. Typically an UUID."; |
|
1170 type = "string"; |
|
1171 format = "uuid"; |
|
1172 }; |
|
1173 software_version = { |
|
1174 title = "Software Version"; |
|
1175 description = "Version of the software creating being registered. \z |
|
1176 E.g. to allow revoking all related tokens in the event of a security incident."; |
|
1177 type = "string"; |
|
1178 example = "2.3.1"; |
|
1179 }; |
1112 }; |
1180 }; |
1113 } |
1181 } |
1114 |
1182 |
1115 -- Limit per-locale fields to allowed locales, partly to keep size of client_id |
1183 -- Limit per-locale fields to allowed locales, partly to keep size of client_id |
1116 -- down, partly because we don't yet use them for anything. |
1184 -- down, partly because we don't yet use them for anything. |
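Review bot: The new descriptions on `tos_uri` and `policy_uri`, and the `application_type` text about 'web' clients, state a hostname-must-match-'client_uri' rule that nothing in this schema expresses; the only constraint visible on those fields is `pattern = "^https:"`. Presumably the hostname comparison is done by the registration handler outside this hunk, which is worth confirming, because anyone validating metadata against the schema alone would treat a mismatched host as valid. The descriptions could say where the check lives, e.g. `MUST be a https:// URL; the server additionally rejects a hostname that differs from 'client_uri'.` The `contacts` description says "email or URLs" while its items keep `format = "email"`, so either the text or the format should change. `example = "2.3.1"` under `software_version` is not a JSON Schema keyword (the standard one is `examples`, an array), and three descriptions carry typos: "an link", "clients logotype", "software creating being registered".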