mod_http_oauth2: Fill in some client metadata defaults
Explicit > Implicit
Maybe we should actually use these for something as well? :)
It is somewhat of an open question how strictly we should enforce
things in the client metadata given that it is somewhat extensible.
Especially some of these enum fields which have corresponding IANA
registries.
--- a/mod_http_oauth2/mod_http_oauth2.lua Tue Apr 25 17:38:36 2023 +0200
+++ b/mod_http_oauth2/mod_http_oauth2.lua Tue Apr 25 18:09:08 2023 +0200
@@ -640,7 +640,7 @@
};
properties = {
redirect_uris = { type = "array"; minLength = 1; items = { type = "string"; format = "uri" } };
- token_endpoint_auth_method = { type = "string"; enum = { "none"; "client_secret_post"; "client_secret_basic" } };
+ token_endpoint_auth_method = { type = "string"; enum = { "none"; "client_secret_post"; "client_secret_basic"; default = "client_secret_basic" } };
grant_types = {
type = "array";
items = {
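Review bot: On the new `token_endpoint_auth_method` line, `default = "client_secret_basic"` is written inside the `enum` table instead of beside it, so `propspec.default` is nil for this property and the fill-in loop added in the last hunk never sets it. Moving it out one brace fixes that: `token_endpoint_auth_method = { type = "string"; enum = { "none"; "client_secret_post"; "client_secret_basic" }; default = "client_secret_basic" };`. As written, a registration that omits the field is still stored without an auth method, and any later check would have to guess whether that means `none` or `client_secret_basic`. The `properties` table starts and ends outside this hunk.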
@@ -655,8 +655,9 @@
"urn:ietf:params:oauth:grant-type:saml2-bearer";
};
};
+ default = { "authorization_code" };
};
- response_types = { type = "array"; items = { type = "string"; enum = { "code"; "token" } } };
+ response_types = { type = "array"; items = { type = "string"; enum = { "code"; "token" } }; default = { "code" } };
client_name = { type = "string" };
client_uri = { type = "string"; format = "uri"; luaPattern = "^https:" };
logo_uri = { type = "string"; format = "uri"; luaPattern = "^https:" };
@@ -681,6 +682,13 @@
return nil, oauth_error("invalid_request", "Failed schema validation.");
end
+ -- Fill in default values
+ for propname, propspec in pairs(registration_schema.properties) do
+ if client_metadata[propname] == nil and type(propspec) == "table" and propspec.default ~= nil then
+ client_metadata[propname] = propspec.default;
+ end
+ end
+
local client_uri = url.parse(client_metadata.client_uri);
if not client_uri or client_uri.scheme ~= "https" then
return nil, oauth_error("invalid_request", "Missing, invalid or insecure client_uri");
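Review bot: The fill-in loop stores `propspec.default` itself, so for the table-valued defaults (`grant_types` and `response_types` in the previous hunk) every client that omits the field holds the very same table as the schema. If any later code changes a client's `grant_types` or `response_types` in place, the default changes for all registrations that follow. Copying table defaults before assignment avoids this, with a comment such as `-- copy table defaults so clients never share state with the schema`. The defaults are also applied after schema validation, so a mistyped default would go unchecked. The enclosing function begins and ends outside the hunk.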