mod_http_oauth2: Record OAuth software id and version attached to tokens
Unsure if these are used anywhere, but `software_id` is supposedly more
unique than `client_uri` which can vary by registration or something?
Software versions can also be good to know, e.g. in case there is a
security issue affecting certain versions that could warrant revocation
of tokens issued to them.
--- a/mod_http_oauth2/mod_http_oauth2.lua Thu Apr 27 19:14:23 2023 +0200
+++ b/mod_http_oauth2/mod_http_oauth2.lua Thu Apr 27 19:16:14 2023 +0200
@@ -153,7 +153,7 @@
-- properties that are deemed useful e.g. in case tokens issued to a certain
-- client needs to be revoked
local function client_subset(client)
- return { name = client.client_name; uri = client.client_uri };
+ return { name = client.client_name; uri = client.client_uri; id = client.software_id; version = client.software_version };
end
local function new_access_token(token_jid, role, scope_string, client, id_token, refresh_token_info)
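Review bot: The new `id` and `version` fields in `client_subset` appear to be copied straight from client registration metadata, and in OAuth dynamic client registration (RFC 7591) `software_id` and `software_version` are self-asserted by the client. Any client can claim another product's id or an unaffected version, so they work as a hint for finding tokens to revoke but not as proof of which software holds a token. I would say so in the comment above the function, e.g. `-- software_id/software_version are client-asserted and optional (may be nil); treat as a revocation hint, not as verified identity`. Whether registration constrains the length or format of these strings before they are stored with each token is not visible in this hunk and is worth confirming.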