author | Kim Alvefur <zash@zash.se> |
Fri, 04 Aug 2023 01:11:01 +0200 | |
changeset 5632 | 9aace51c3637 |
parent 5631 | 3a5cf8d80089 |
child 5633 | ef0a283507c9 |
--- a/mod_http_oauth2/mod_http_oauth2.lua Mon Jul 31 07:28:09 2023 +0200 +++ b/mod_http_oauth2/mod_http_oauth2.lua Fri Aug 04 01:11:01 2023 +0200 @@ -400,6 +400,8 @@ if is_device then -- reconstruct the device_code code = b64url(hashes.hmac_sha256(verification_key, device_state.user_code)); + else + return oauth_error("invalid_request"); end end local ok = codes:set("authorization_code:" .. params.client_id .. "#" .. code, {