--- a/mod_http_oauth2/mod_http_oauth2.lua Wed Aug 16 11:17:28 2023 +0200
+++ b/mod_http_oauth2/mod_http_oauth2.lua Wed Aug 16 23:56:40 2023 +0200
@@ -1236,6 +1236,16 @@
return nil, oauth_error("invalid_request", "Failed schema validation.");
end
+ local client_uri = url.parse(client_metadata.client_uri);
+ if not client_uri or client_uri.scheme ~= "https" or loopbacks:contains(client_uri.host) then
+ return nil, oauth_error("invalid_client_metadata", "Missing, invalid or insecure client_uri");
+ end
+
+ if not client_metadata.application_type and redirect_uri_allowed(client_metadata.redirect_uris[1], client_uri, "native") then
+ client_metadata.application_type = "native";
+ -- else defaults to "web"
+ end
+
-- Fill in default values
for propname, propspec in pairs(registration_schema.properties) do
if client_metadata[propname] == nil and type(propspec) == "table" and propspec.default ~= nil then
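Review bot: The `application_type` inference in the added `if not client_metadata.application_type and redirect_uri_allowed(client_metadata.redirect_uris[1], client_uri, "native")` line looks only at the first redirect URI, so the redirect policy a client gets depends on the order of its list. The per-URI loop in the following hunk still checks every entry against the resulting type, so a mixed list appears to fail closed, but that is not obvious at this point; I would add a comment such as `-- Type is guessed from the first redirect URI only; every URI is validated against it below, so mixed native/web lists are rejected`. The check also assumes `redirect_uris[1]` exists: if the schema validated above (outside this hunk) does not require a non-empty array, guard it with `client_metadata.redirect_uris[1] and redirect_uri_allowed(...)`. The enclosing function starts and ends outside the hunk.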
@@ -1250,11 +1260,6 @@
end
end
- local client_uri = url.parse(client_metadata.client_uri);
- if not client_uri or client_uri.scheme ~= "https" or loopbacks:contains(client_uri.host) then
- return nil, oauth_error("invalid_client_metadata", "Missing, invalid or insecure client_uri");
- end
-
for _, redirect_uri in ipairs(client_metadata.redirect_uris) do
if not redirect_uri_allowed(redirect_uri, client_uri, client_metadata.application_type) then
return nil, oauth_error("invalid_redirect_uri", "Invalid, insecure or inappropriate redirect URI.");