1234 function create_client(client_metadata) |
1234 function create_client(client_metadata) |
1235 if not schema.validate(registration_schema, client_metadata) then |
1235 if not schema.validate(registration_schema, client_metadata) then |
1236 return nil, oauth_error("invalid_request", "Failed schema validation."); |
1236 return nil, oauth_error("invalid_request", "Failed schema validation."); |
1237 end |
1237 end |
1238 |
1238 |
|
1239 local client_uri = url.parse(client_metadata.client_uri); |
|
1240 if not client_uri or client_uri.scheme ~= "https" or loopbacks:contains(client_uri.host) then |
|
1241 return nil, oauth_error("invalid_client_metadata", "Missing, invalid or insecure client_uri"); |
|
1242 end |
|
1243 |
|
1244 if not client_metadata.application_type and redirect_uri_allowed(client_metadata.redirect_uris[1], client_uri, "native") then |
|
1245 client_metadata.application_type = "native"; |
|
1246 -- else defaults to "web" |
|
1247 end |
|
1248 |
1239 -- Fill in default values |
1249 -- Fill in default values |
1240 for propname, propspec in pairs(registration_schema.properties) do |
1250 for propname, propspec in pairs(registration_schema.properties) do |
1241 if client_metadata[propname] == nil and type(propspec) == "table" and propspec.default ~= nil then |
1251 if client_metadata[propname] == nil and type(propspec) == "table" and propspec.default ~= nil then |
1242 client_metadata[propname] = propspec.default; |
1252 client_metadata[propname] = propspec.default; |
1243 end |
1253 end |
1246 -- MUST ignore any metadata that it does not understand |
1256 -- MUST ignore any metadata that it does not understand |
1247 for propname in pairs(client_metadata) do |
1257 for propname in pairs(client_metadata) do |
1248 if not registration_schema.properties[propname] then |
1258 if not registration_schema.properties[propname] then |
1249 client_metadata[propname] = nil; |
1259 client_metadata[propname] = nil; |
1250 end |
1260 end |
1251 end |
|
1252 |
|
1253 local client_uri = url.parse(client_metadata.client_uri); |
|
1254 if not client_uri or client_uri.scheme ~= "https" or loopbacks:contains(client_uri.host) then |
|
1255 return nil, oauth_error("invalid_client_metadata", "Missing, invalid or insecure client_uri"); |
|
1256 end |
1261 end |
1257 |
1262 |
1258 for _, redirect_uri in ipairs(client_metadata.redirect_uris) do |
1263 for _, redirect_uri in ipairs(client_metadata.redirect_uris) do |
1259 if not redirect_uri_allowed(redirect_uri, client_uri, client_metadata.application_type) then |
1264 if not redirect_uri_allowed(redirect_uri, client_uri, client_metadata.application_type) then |
1260 return nil, oauth_error("invalid_redirect_uri", "Invalid, insecure or inappropriate redirect URI."); |
1265 return nil, oauth_error("invalid_redirect_uri", "Invalid, insecure or inappropriate redirect URI."); |