fix: Update ScopesSupported to match RFC 9728 Section 2

2025-10-22 00:13:03 +00:00 · 2025-10-12 21:26:05 +01:00 · 2025-10-12 21:26:05 +01:00 · 8ca4bb4787
commit 8ca4bb4787
parent 56d969b785
5 changed files with 17 additions and 66 deletions
--- a/internal/authz/default.go
+++ b/internal/authz/default.go
@ -100,10 +100,17 @@ func (p *defaultProvider) ProtectedResourceMetadataHandler() http.HandlerFunc {
 		w.Header().Set("Content-Type", "application/json")
 		meta := map[string]interface{}{
 			"audience":              p.cfg.ProtectedResourceMetadata.Audience,
-			"scopes_supported":      p.cfg.ProtectedResourceMetadata.ScopesSupported,
 			"authorization_servers": p.cfg.ProtectedResourceMetadata.AuthorizationServers,
 		}

+		if len(p.cfg.ProtectedResourceMetadata.ScopesSupported) > 0 {
+			meta["scopes_supported"] = p.cfg.ProtectedResourceMetadata.ScopesSupported
+		}
+
+		if p.cfg.ProtectedResourceMetadata.ResourceIdentifier != "" {
+			meta["resource"] = p.cfg.ProtectedResourceMetadata.ResourceIdentifier
+		}
+
 		if p.cfg.ProtectedResourceMetadata.JwksURI != "" {
 			meta["jwks_uri"] = p.cfg.ProtectedResourceMetadata.JwksURI
 		}