1.4.5.3: don't add WWW-Authenticate header(s); OpenIDC/mod_oauth2#42

Signed-off-by: Hans Zandbelt <hans.zandbelt@openidc.com>

Author: zandbelt

ChangeLog

@@ -1,3 +1,7 @@
+01/20/2023
+- don't add WWW-Authenticate header(s) but (over)write a single one; see zmartzone/mod_oauth2#42
+- release 1.4.5.3
+
 12/14/2022
 - fix NGINX https schema detection
 - bump to 1.4.5.3dev

configure.ac

@@ -1,4 +1,4 @@
-AC_INIT([liboauth2],[1.4.5.3dev],[hans.zandbelt@zmartzone.eu])
+AC_INIT([liboauth2],[1.4.5.3],[hans.zandbelt@zmartzone.eu])
 
 AM_INIT_AUTOMAKE([foreign no-define subdir-objects])
 AC_CONFIG_MACRO_DIR([m4])

include/oauth2/apache.h

@@ -309,7 +309,7 @@ int oauth2_apache_return_www_authenticate(oauth2_cfg_source_token_t *cfg,
 					  const char *error_description);
 bool oauth2_apache_request_header_set(oauth2_log_t *log, void *rec,
 				      const char *name, const char *value);
-void oauth2_apache_hdr_out_add(oauth2_log_t *log, const request_rec *r,
+void oauth2_apache_hdr_out_set(oauth2_log_t *log, const request_rec *r,
 			       const char *name, const char *value);
 void oauth2_apache_scrub_headers(oauth2_apache_request_ctx_t *ctx,
 				 oauth2_cfg_target_pass_t *target_pass);

include/oauth2/oauth2.h

@@ -55,6 +55,7 @@
 #define OAUTH2_ERROR_INVALID_TOKEN "invalid_token"
 #define OAUTH2_ERROR_INVALID_REQUEST "invalid_request"
 #define OAUTH2_ERROR_INSUFFICIENT_SCOPE "insufficient_scope"
+#define OAUTH2_ERROR_INSUFFICIENT_USER_AUTHENTICATION "insufficient_user_authentication"
 
 #define OAUTH2_CLAIM_ISS "iss"
 #define OAUTH2_CLAIM_SUB "sub"

src/server/apache.c

@@ -384,7 +384,7 @@ int oauth2_apache_return_www_authenticate(oauth2_cfg_source_token_t *cfg,
 		hdr = apr_psprintf(ctx->r->pool, "%s, %s=\"%s\"", hdr,
 				   OAUTH2_ERROR_DESCRIPTION, error_description);
 
-	oauth2_apache_hdr_out_add(ctx->log, ctx->r,
+	oauth2_apache_hdr_out_set(ctx->log, ctx->r,
 				  OAUTH2_HTTP_HDR_WWW_AUTHENTICATE, hdr);
 
 	oauth2_debug(ctx->log, "leave");
@@ -427,7 +427,7 @@ bool oauth2_apache_response_header_set(oauth2_log_t *log, void *rec,
 				       const char *name, const char *value)
 {
 	request_rec *r = (request_rec *)rec;
-	oauth2_apache_hdr_out_add(log, r, name, value);
+	oauth2_apache_hdr_out_set(log, r, name, value);
 	return true;
 }
 
@@ -452,11 +452,11 @@ bool oauth2_apache_http_response_set(oauth2_log_t *log,
 	return rc;
 }
 
-void oauth2_apache_hdr_out_add(oauth2_log_t *log, const request_rec *r,
+void oauth2_apache_hdr_out_set(oauth2_log_t *log, const request_rec *r,
 			       const char *name, const char *value)
 {
 	oauth2_debug(log, "%s: %s", name, value);
-	apr_table_add(r->err_headers_out, name, value);
+	apr_table_set(r->err_headers_out, name, value);
 }
 
 void oauth2_apache_scrub_headers(oauth2_apache_request_ctx_t *ctx,