--- a/mod_http_oauth2/mod_http_oauth2.lua Fri Jun 02 08:59:59 2023 +0200
+++ b/mod_http_oauth2/mod_http_oauth2.lua Fri Jun 02 10:12:46 2023 +0200
@@ -97,6 +97,17 @@
sign_client, verify_client = jwt.init(registration_algo, registration_key, registration_key, registration_options);
end
+-- verify and prepare client structure
+local function check_client(client_id)
+ if not verify_client then
+ return nil, "client-registration-not-enabled";
+ end
+
+ local ok, client = verify_client(client_id);
+ if not ok then return ok, client; end
+ return client;
+end
+
-- scope : string | array | set
--
-- at each step, allow the same or a subset of scopes
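Review bot: check_client fails in two different shapes: the registration-disabled branch returns `nil, "client-registration-not-enabled"`, while a failed verification forwards whatever falsy value verify_client produced through `return ok, client`. Every caller in this commit only tests `not client`, so this works today, but `if not ok then return nil, client; end` would give the helper a single contract. The header comment says "verify and prepare" although nothing is prepared in the visible body. I would document the return values instead, for example `-- Returns the verified client table, or nil plus an error string.`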
@@ -409,8 +420,8 @@
return oauth_error("invalid_scope", "unknown scope requested");
end
- local client_ok, client = verify_client(params.client_id);
- if not client_ok then
+ local client = check_client(params.client_id);
+ if not client then
return oauth_error("invalid_client", "incorrect credentials");
end
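Review bot: The error string from check_client is discarded at `local client = check_client(params.client_id);`, so a client_id that fails verification and a server with client registration disabled produce the same response and leave no trace in the log. Keeping the uniform `invalid_client` answer towards the requester is reasonable, but recording the reason server-side lets an operator tell misconfiguration apart from forged or stale client identifiers. Capture it with `local client, err = check_client(params.client_id);` and add `module:log("debug", "client_id rejected: %s", err);` inside the failure branch. The same applies to the refresh-token hunk at -444 and the authorization-endpoint hunk at -704. The enclosing function starts and ends outside this hunk.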
@@ -444,8 +455,8 @@
if not params.client_secret then return oauth_error("invalid_request", "missing 'client_secret'"); end
if not params.refresh_token then return oauth_error("invalid_request", "missing 'refresh_token'"); end
- local client_ok, client = verify_client(params.client_id);
- if not client_ok then
+ local client = check_client(params.client_id);
+ if not client then
return oauth_error("invalid_client", "incorrect credentials");
end
@@ -704,9 +715,9 @@
return render_error(oauth_error("invalid_request", "Missing 'client_id' parameter"));
end
- local ok, client = verify_client(params.client_id);
+ local client = check_client(params.client_id);
- if not ok then
+ if not client then
return render_error(oauth_error("invalid_request", "Invalid 'client_id' parameter"));
end