mod_http_oauth2/mod_http_oauth2.lua
changeset 5361 eda3b078ba2c
parent 5360 959dc350f2ad
child 5362 0905d348bd34
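--- a/mod_http_oauth2/mod_http_oauth2.lua
+++ b/mod_http_oauth2/mod_http_oauth2.lua
@@ -668,10 +668,11 @@
 		jwks = { type = "object"; description = "JSON Web Key Set, RFC 7517" };
 		software_id = { type = "string"; format = "uuid" };
 		software_version = { type = "string" };
 	};
 	-- Localized versions of descriptive properties and URIs
+	patternProperties = { ["^[a-z_]+_uri#"] = { type = "string"; format = "uri"; pattern = "^https:"  } };
 	additionalProperties = { type = "string" };
 }
 
 function create_client(client_metadata)
 	if not schema.validate(registration_schema, client_metadata) then
@@ -700,10 +701,22 @@
 			if components.scheme ~= "https" then
 				return nil, oauth_error("invalid_request", "Insecure URI forbidden");
 			end
 			if components.authority ~= client_uri.authority then
 				return nil, oauth_error("invalid_request", "Informative URIs must have the same hostname");
+			end
+		end
+	end
+
+	-- Localized URIs should be secure too
+	for k, v in pairs(client_metadata) do
+		if k:find"_uri#" then
+			local uri = url.parse(v);
+			if not uri or uri.scheme ~= "https" then
+				return nil, oauth_error("invalid_request", "Missing, invalid or insecure "..k);
+			elseif uri.host ~= client_uri.host then
+				return nil, oauth_error("invalid_request", "All URIs must use the same hostname as client_uri");
 			end
 		end
 	end
 
 	-- Ensure each signed client_id JWT is unique, short ID and issued at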