mod_http_oauth2/mod_http_oauth2.lua
changeset 5409 c7a5caad28ef
parent 5408 1087f697c3f3
child 5410 b86d80e21c60
--- a/mod_http_oauth2/mod_http_oauth2.lua	Tue May 02 16:23:40 2023 +0200
+++ b/mod_http_oauth2/mod_http_oauth2.lua	Tue May 02 16:31:25 2023 +0200
@@ -620,6 +620,12 @@
 		return oauth_error("invalid_client", "incorrect credentials");
 	end
 
+	local client_response_types = set.new(array(client.response_types or { "code" }));
+	client_response_types = set.intersection(client_response_types, allowed_response_type_handlers);
+	if not client_response_types:contains(params.response_type) then
+		return oauth_error("invalid_client", "response_type not allowed");
+	end
+
 	local auth_state = get_auth_state(request);
 	if not auth_state.user then
 		-- Render login page
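Review bot: The error code on the new rejection branch is wrong for this endpoint: `invalid_client` is a token-endpoint error (RFC 6749 §5.2), while the authorization-endpoint error set (§4.1.2.1) has `unauthorized_client` for exactly this case, a client that is not permitted to use the requested response_type. I would change the added line to `return oauth_error("unauthorized_client", "response_type not allowed");` so conforming clients can distinguish "your registration does not allow this flow" from a credential failure; the pre-existing `invalid_client` on the incorrect-credentials branch above is a separate matter this commit does not touch. Since the set is intersected with `allowed_response_type_handlers` first, a client registered with a response_type the server no longer handles also lands here rather than on `unsupported_response_type`, which seems acceptable but is worth a one-line comment above the intersection, e.g. `-- restrict to the types both the client registered and this server handles`. The enclosing function begins before and continues after this hunk, so I could not confirm whether `params.response_type` has already been validated against the server-wide set earlier in it.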