1.4.5.3: don't add WWW-Authenticate header(s); OpenIDC/mod_oauth2#42

Signed-off-by: Hans Zandbelt <[email protected]>
OpenIDC · Jan 20, 2023 · 31cf194 · 31cf194
1 parent 5140fcd
commit 31cf194
Show file tree

Hide file tree

Showing 5 changed files with 11 additions and 6 deletions.
diff --git a/ChangeLog b/ChangeLog
@@ -1,3 +1,7 @@
+01/20/2023
+- don't add WWW-Authenticate header(s) but (over)write a single one; see zmartzone/mod_oauth2#42
+- release 1.4.5.3
+
 12/14/2022
 - fix NGINX https schema detection
 - bump to 1.4.5.3dev

diff --git a/configure.ac b/configure.ac
@@ -1,4 +1,4 @@
-AC_INIT([liboauth2],[1.4.5.3dev],[[email protected]])
+AC_INIT([liboauth2],[1.4.5.3],[[email protected]])
 
 AM_INIT_AUTOMAKE([foreign no-define subdir-objects])
 AC_CONFIG_MACRO_DIR([m4])

diff --git a/include/oauth2/apache.h b/include/oauth2/apache.h
@@ -309,7 +309,7 @@ int oauth2_apache_return_www_authenticate(oauth2_cfg_source_token_t *cfg,
 					  const char *error_description);
 bool oauth2_apache_request_header_set(oauth2_log_t *log, void *rec,
 				      const char *name, const char *value);
-void oauth2_apache_hdr_out_add(oauth2_log_t *log, const request_rec *r,
+void oauth2_apache_hdr_out_set(oauth2_log_t *log, const request_rec *r,
 			       const char *name, const char *value);
 void oauth2_apache_scrub_headers(oauth2_apache_request_ctx_t *ctx,
 				 oauth2_cfg_target_pass_t *target_pass);

diff --git a/include/oauth2/oauth2.h b/include/oauth2/oauth2.h
@@ -55,6 +55,7 @@
 #define OAUTH2_ERROR_INVALID_TOKEN "invalid_token"
 #define OAUTH2_ERROR_INVALID_REQUEST "invalid_request"
 #define OAUTH2_ERROR_INSUFFICIENT_SCOPE "insufficient_scope"
+#define OAUTH2_ERROR_INSUFFICIENT_USER_AUTHENTICATION "insufficient_user_authentication"
 
 #define OAUTH2_CLAIM_ISS "iss"
 #define OAUTH2_CLAIM_SUB "sub"

diff --git a/src/server/apache.c b/src/server/apache.c
@@ -384,7 +384,7 @@ int oauth2_apache_return_www_authenticate(oauth2_cfg_source_token_t *cfg,
 		hdr = apr_psprintf(ctx->r->pool, "%s, %s=\"%s\"", hdr,
 				   OAUTH2_ERROR_DESCRIPTION, error_description);
 
-	oauth2_apache_hdr_out_add(ctx->log, ctx->r,
+	oauth2_apache_hdr_out_set(ctx->log, ctx->r,
 				  OAUTH2_HTTP_HDR_WWW_AUTHENTICATE, hdr);
 
 	oauth2_debug(ctx->log, "leave");
@@ -427,7 +427,7 @@ bool oauth2_apache_response_header_set(oauth2_log_t *log, void *rec,
 				       const char *name, const char *value)
 {
 	request_rec *r = (request_rec *)rec;
-	oauth2_apache_hdr_out_add(log, r, name, value);
+	oauth2_apache_hdr_out_set(log, r, name, value);
 	return true;
 }
 
@@ -452,11 +452,11 @@ bool oauth2_apache_http_response_set(oauth2_log_t *log,
 	return rc;
 }
 
-void oauth2_apache_hdr_out_add(oauth2_log_t *log, const request_rec *r,
+void oauth2_apache_hdr_out_set(oauth2_log_t *log, const request_rec *r,
 			       const char *name, const char *value)
 {
 	oauth2_debug(log, "%s: %s", name, value);
-	apr_table_add(r->err_headers_out, name, value);
+	apr_table_set(r->err_headers_out, name, value);
 }
 
 void oauth2_apache_scrub_headers(oauth2_apache_request_ctx_t *ctx,