Remove the contacts requirement from the client registration policy

sandhose · sandhose · commit 4ccce4de46bb · 2024-09-20T20:39:04.000+02:00
diff --git a/docs/reference/configuration.md b/docs/reference/configuration.md
@@ -372,8 +372,6 @@ policy:
       allow_insecure_uris: false
       # don't require clients to provide a client_uri. default: false
       allow_missing_client_uri: false
-      # don't require clients to provide a contacts field. default: false
-      allow_missing_contacts: false
 
     # Restrict emails on registration to a specific domain
     # Items in this array are evaluated as a glob
diff --git a/policies/client_registration.rego b/policies/client_registration.rego
@@ -96,19 +96,6 @@ violation[{"msg": "logo_uri not on the same host as the client_uri"}] {
 	not host_matches_client_uri(input.client_metadata.logo_uri)
 }
 
-violation[{"msg": "missing contacts"}] {
-	not data.client_registration.allow_missing_contacts
-	not input.client_metadata.contacts
-}
-
-violation[{"msg": "invalid contacts"}] {
-	not is_array(input.client_metadata.contacts)
-}
-
-violation[{"msg": "empty contacts"}] {
-	count(input.client_metadata.contacts) == 0
-}
-
 # If the grant_types is missing, we assume it is authorization_code
 uses_grant_type("authorization_code") {
 	not input.client_metadata.grant_types
@@ -143,11 +130,11 @@ violation[{"msg": "missing redirect_uris"}] {
 	not input.client_metadata.redirect_uris
 }
 
-violation[{"msg": "invalid redirect_uris"}] {
+violation[{"msg": "invalid redirect_uris: it must be an array"}] {
 	not is_array(input.client_metadata.redirect_uris)
 }
 
-violation[{"msg": "empty redirect_uris"}] {
+violation[{"msg": "invalid redirect_uris: it must have at least one redirect_uri"}] {
 	requires_redirect_uris
 	count(input.client_metadata.redirect_uris) == 0
 }
diff --git a/policies/client_registration_test.rego b/policies/client_registration_test.rego
