mod_http_oauth2: Advertise endpoints that are enabled
If you don't set the registration secret, some of these are not actually
available, so don't advertise them.
--- a/mod_http_oauth2/mod_http_oauth2.lua Fri Mar 03 22:48:59 2023 +0100
+++ b/mod_http_oauth2/mod_http_oauth2.lua Fri Mar 03 22:54:46 2023 +0100
@@ -469,12 +469,12 @@
headers = { content_type = "application/json" };
body = json.encode {
issuer = module:http_url(nil, "/");
- authorization_endpoint = module:http_url() .. "/authorize";
- token_endpoint = module:http_url() .. "/token";
+ authorization_endpoint = handle_authorization_request and module:http_url() .. "/authorize" or nil;
+ token_endpoint = handle_token_grant and module:http_url() .. "/token" or nil;
jwks_uri = nil; -- TODO?
- registration_endpoint = module:http_url() .. "/register";
+ registration_endpoint = handle_register_request and module:http_url() .. "/register" or nil;
scopes_supported = { "prosody:restricted"; "prosody:user"; "prosody:admin"; "prosody:operator" };
- response_types_supported = { "code"; "token" };
+ response_types_supported = { "code"; "token" }; -- TODO derive from active config
authorization_response_iss_parameter_supported = true;
};
};
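Review bot: `response_types_supported` on the new side still lists `"code"` and `"token"` unconditionally, so when a handler is nil the document drops `authorization_endpoint` or `token_endpoint` but keeps advertising response types that depend on them. Until the TODO is resolved, the comment could state the gap explicitly, e.g. `-- TODO derive from active config; still advertised when the endpoints above are nil`. Separately, leaving an endpoint out of the metadata only hides it from discovery. The route table is not visible in this hunk, so it is worth confirming that `/authorize`, `/token` and `/register` are also not served when the corresponding handler is unset. The enclosing handler begins outside the hunk.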