policy: only require redirect_uris for the authorization_code and implicit grants

crates/handlers/src/graphql/tests.rs

@@ -366,12 +366,9 @@ async fn test_oauth2_client_credentials(pool: PgPool) {
     let request =
         Request::post(mas_router::OAuth2RegistrationEndpoint::PATH).json(serde_json::json!({
             "client_uri": "https://example.com/",
-            // XXX: we shouldn't have to specify the redirect URI here, but the policy denies it for now
-            "redirect_uris": ["https://example.com/callback"],
             "contacts": ["contact@example.com"],
             "token_endpoint_auth_method": "client_secret_post",
             "grant_types": ["client_credentials"],
-            "response_types": [],
         }));
 
     let response = state.request(request).await;

crates/handlers/src/oauth2/introspection.rs

@@ -392,10 +392,6 @@ mod tests {
         let request = Request::post(OAuth2RegistrationEndpoint::PATH).json(json!({
             "contacts": ["hello@introspecting.com"],
             "client_uri": "https://introspecting.com/",
-            // XXX: even though we don't use the authorization_code flow, we need to specify at
-            // least one redirect_uri
-            "redirect_uris": ["https://introspecting.com/"],
-            "response_types": [],
             "grant_types": [],
             "token_endpoint_auth_method": "client_secret_basic",
         }));
@@ -558,10 +554,6 @@ mod tests {
         let request = Request::post(OAuth2RegistrationEndpoint::PATH).json(json!({
             "contacts": ["hello@introspecting.com"],
             "client_uri": "https://introspecting.com/",
-            // XXX: even though we don't use the authorization_code flow, we need to specify at
-            // least one redirect_uri
-            "redirect_uris": ["https://introspecting.com/"],
-            "response_types": [],
             "grant_types": [],
             "token_endpoint_auth_method": "client_secret_basic",
         }));