mod_http_oauth2/mod_http_oauth2.lua
changeset 5563 d7fb8b266663
parent 5558 90449babaa48
child 5564 697d799fe601
--- a/mod_http_oauth2/mod_http_oauth2.lua	Mon Jun 19 01:26:56 2023 +0200
+++ b/mod_http_oauth2/mod_http_oauth2.lua	Tue Jun 20 01:11:34 2023 +0200
@@ -979,6 +979,13 @@
 		end
 	end
 
+	-- MUST ignore any metadata that it does not understand
+	for propname in pairs(client_metadata) do
+		if not registration_schema.properties[propname] then
+			client_metadata[propname] = nil;
+		end
+	end
+
 	local client_uri = url.parse(client_metadata.client_uri);
 	if not client_uri or client_uri.scheme ~= "https" or loopbacks:contains(client_uri.host) then
 		return nil, oauth_error("invalid_client_metadata", "Missing, invalid or insecure client_uri");
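Review bot: The allow-list loop added before the `client_uri` check filters top-level keys only, by exact name against `registration_schema.properties`, so anything nested inside a known property's value is not pruned here. Those values presumably depend on schema validation outside this hunk, and it is worth confirming that validation runs on every registration path before the metadata is stored or shown to a user. Exact-name matching would also drop RFC 7591 §2.2 language-tagged keys such as `client_name#fr` unless the schema lists them, which may or may not be intended. I would have the comment name its source and scope, e.g. `-- RFC 7591 §2: MUST ignore metadata we do not understand (top-level keys only)`. The enclosing function starts and ends outside the hunk.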