668 jwks = { type = "object"; description = "JSON Web Key Set, RFC 7517" }; |
668 jwks = { type = "object"; description = "JSON Web Key Set, RFC 7517" }; |
669 software_id = { type = "string"; format = "uuid" }; |
669 software_id = { type = "string"; format = "uuid" }; |
670 software_version = { type = "string" }; |
670 software_version = { type = "string" }; |
671 }; |
671 }; |
672 -- Localized versions of descriptive properties and URIs |
672 -- Localized versions of descriptive properties and URIs |
|
673 patternProperties = { ["^[a-z_]+_uri#"] = { type = "string"; format = "uri"; pattern = "^https:" } }; |
673 additionalProperties = { type = "string" }; |
674 additionalProperties = { type = "string" }; |
674 } |
675 } |
675 |
676 |
676 function create_client(client_metadata) |
677 function create_client(client_metadata) |
677 if not schema.validate(registration_schema, client_metadata) then |
678 if not schema.validate(registration_schema, client_metadata) then |
700 if components.scheme ~= "https" then |
701 if components.scheme ~= "https" then |
701 return nil, oauth_error("invalid_request", "Insecure URI forbidden"); |
702 return nil, oauth_error("invalid_request", "Insecure URI forbidden"); |
702 end |
703 end |
703 if components.authority ~= client_uri.authority then |
704 if components.authority ~= client_uri.authority then |
704 return nil, oauth_error("invalid_request", "Informative URIs must have the same hostname"); |
705 return nil, oauth_error("invalid_request", "Informative URIs must have the same hostname"); |
|
706 end |
|
707 end |
|
708 end |
|
709 |
|
710 -- Localized URIs should be secure too |
|
711 for k, v in pairs(client_metadata) do |
|
712 if k:find"_uri#" then |
|
713 local uri = url.parse(v); |
|
714 if not uri or uri.scheme ~= "https" then |
|
715 return nil, oauth_error("invalid_request", "Missing, invalid or insecure "..k); |
|
716 elseif uri.host ~= client_uri.host then |
|
717 return nil, oauth_error("invalid_request", "All URIs must use the same hostname as client_uri"); |
705 end |
718 end |
706 end |
719 end |
707 end |
720 end |
708 |
721 |
709 -- Ensure each signed client_id JWT is unique, short ID and issued at |
722 -- Ensure each signed client_id JWT is unique, short ID and issued at |
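Review bot: The new loop over localized `*_uri#…` keys compares only `uri.host` with `client_uri.host`, while the check directly above it for the non-localized URIs compares `components.authority` with `client_uri.authority`. A localized URI carrying a different port or a userinfo part would therefore be accepted here, although the same value in the plain property is rejected. If the stricter rule is the intended one, change the branch to `elseif uri.authority ~= client_uri.authority then`; if host-only is deliberate, record it with a comment such as `-- host only: port and userinfo may differ for localized URIs`. The key test `k:find"_uri#"` is also unanchored, unlike the schema's `^[a-z_]+_uri#`, so the comment should say that the broader match is on purpose. `client_uri` is assigned outside the visible hunks, and `create_client` continues past them.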