From af6b20eebda8d33c4a186bf2194763c975c69f86 Mon Sep 17 00:00:00 2001 From: Christian Daguerre Date: Wed, 16 Jul 2025 13:09:07 +0200 Subject: [PATCH] fix client id issuance date should only be sent when generated --- src/server/auth/clients.ts | 2 +- src/server/auth/handlers/register.test.ts | 1 + src/server/auth/handlers/register.ts | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/src/server/auth/clients.ts b/src/server/auth/clients.ts index 3b9110d5..8bbc6ac4 100644 --- a/src/server/auth/clients.ts +++ b/src/server/auth/clients.ts @@ -16,5 +16,5 @@ export interface OAuthRegisteredClientsStore { * * If unimplemented, dynamic client registration is unsupported. */ - registerClient?(client: Omit): OAuthClientInformationFull | Promise; + registerClient?(client: Omit): OAuthClientInformationFull | Promise; } \ No newline at end of file diff --git a/src/server/auth/handlers/register.test.ts b/src/server/auth/handlers/register.test.ts index d95e6d82..1c3f16cb 100644 --- a/src/server/auth/handlers/register.test.ts +++ b/src/server/auth/handlers/register.test.ts @@ -236,6 +236,7 @@ describe('Client Registration Handler', () => { expect(response.status).toBe(201); expect(response.body.client_id).toBeUndefined(); + expect(response.body.client_id_issued_at).toBeUndefined(); }); it('handles client with all metadata fields', async () => { diff --git a/src/server/auth/handlers/register.ts b/src/server/auth/handlers/register.ts index 197e0053..4d8bea1a 100644 --- a/src/server/auth/handlers/register.ts +++ b/src/server/auth/handlers/register.ts @@ -99,12 +99,12 @@ export function clientRegistrationHandler({ let clientInfo: Omit & { client_id?: string } = { ...clientMetadata, client_secret: clientSecret, - client_id_issued_at: clientIdIssuedAt, client_secret_expires_at: clientSecretExpiresAt, }; if (clientIdGeneration) { clientInfo.client_id = crypto.randomUUID(); + clientInfo.client_id_issued_at = clientIdIssuedAt; } clientInfo = await clientsStore.registerClient!(clientInfo);