mod_auth_oauth_external: Allow setting identity instead of discovery URL
Shorter and the .well-known part is, well, well-known.
--- a/mod_auth_oauth_external/README.md Thu Mar 16 12:45:52 2023 +0100
+++ b/mod_auth_oauth_external/README.md Thu Mar 16 13:04:13 2023 +0100
@@ -20,11 +20,15 @@
# Configuration
+`oauth_external_issuer`
+: Optional URL string representing the Authorization server identity.
+
`oauth_external_discovery_url`
: Optional URL string pointing to [OAuth 2.0 Authorization Server
Metadata](https://oauth.net/2/authorization-server-metadata/). Lets
clients discover where they should retrieve access tokens from if
- they don't have one yet.
+ they don't have one yet. Default based on `oauth_external_issuer` is
+ set, otherwise empty.
`oauth_external_validation_endpoint`
: URL string. The token validation endpoint, should validate the token
--- a/mod_auth_oauth_external/mod_auth_oauth_external.lua Thu Mar 16 12:45:52 2023 +0100
+++ b/mod_auth_oauth_external/mod_auth_oauth_external.lua Thu Mar 16 13:04:13 2023 +0100
@@ -3,8 +3,9 @@
local json = require "util.json";
local sasl = require "util.sasl";
--- TODO -- local issuer_identity = module:get_option_string("oauth_external_issuer");
-local oidc_discovery_url = module:get_option_string("oauth_external_discovery_url")
+local issuer_identity = module:get_option_string("oauth_external_issuer");
+local oidc_discovery_url = module:get_option_string("oauth_external_discovery_url",
+ issuer_identity and issuer_identity .. "/.well-known/oauth-authorization-server" or nil);
local validation_endpoint = module:get_option_string("oauth_external_validation_endpoint");
local token_endpoint = module:get_option_string("oauth_external_token_endpoint");
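Review bot: The default for `oidc_discovery_url` is built by plain concatenation, so an `oauth_external_issuer` configured with a trailing slash yields `//.well-known/oauth-authorization-server`. Stripping it first would avoid that, e.g. `issuer_identity and (issuer_identity:gsub("/+$", "")) .. "/.well-known/oauth-authorization-server" or nil`. RFC 8414 also places the well-known segment between the host and any path component of the issuer, so an issuer with a path gets a non-standard URL when the suffix is appended; either handle that case or add a comment such as `-- assumes issuer has no path component (RFC 8414 section 3)`. If this URL is what clients are pointed at to find the token endpoint (not visible in this hunk), it would also be worth logging a warning when the issuer is not `https://`, since discovery metadata fetched over plain HTTP can be altered in transit.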