Mercurial > prosody-modules
comparison mod_auth_oauth_external/mod_auth_oauth_external.lua @ 6525:05d66fe6b289
mod_auth_oauth_external: Reorder and comment on settings
Trying to group settings a bit more.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sat, 02 May 2026 16:10:48 +0200 |
| parents | cab284eaeb81 |
| children | 1216f6befbe7 |
comparison
equal
deleted
inserted
replaced
| 6524:aaf92bf929e5 | 6525:05d66fe6b289 |
|---|---|
| 2 local async = require "util.async"; | 2 local async = require "util.async"; |
| 3 local jid = require "util.jid"; | 3 local jid = require "util.jid"; |
| 4 local json = require "util.json"; | 4 local json = require "util.json"; |
| 5 local sasl = require "util.sasl"; | 5 local sasl = require "util.sasl"; |
| 6 | 6 |
| 7 -- Details about the OAuth2 Issuer | |
| 7 local issuer_identity = module:get_option_string("oauth_external_issuer"); | 8 local issuer_identity = module:get_option_string("oauth_external_issuer"); |
| 8 local oidc_discovery_url = module:get_option_string("oauth_external_discovery_url", | 9 local oidc_discovery_url = module:get_option_string("oauth_external_discovery_url", |
| 9 issuer_identity and issuer_identity .. "/.well-known/oauth-authorization-server" or nil); | 10 issuer_identity and issuer_identity .. "/.well-known/oauth-authorization-server" or nil); |
| 11 | |
| 12 -- OAuth2 endpoints | |
| 13 -- These could be discovered dynamically if unset | |
| 10 local validation_endpoint = module:get_option_string("oauth_external_validation_endpoint"); | 14 local validation_endpoint = module:get_option_string("oauth_external_validation_endpoint"); |
| 11 local token_endpoint = module:get_option_string("oauth_external_token_endpoint"); | 15 local token_endpoint = module:get_option_string("oauth_external_token_endpoint"); |
| 12 | 16 |
| 17 -- Field used to decide the XMPP address localpart | |
| 13 local username_field = module:get_option_string("oauth_external_username_field", "preferred_username"); | 18 local username_field = module:get_option_string("oauth_external_username_field", "preferred_username"); |
| 19 | |
| 20 -- Settings needed for Resource Owner Password Grant, where Prosody acts as an OAuth2 Client | |
| 21 -- Since at this time, no clients support SASL OAUTHBEARER, this is the only way this works | |
| 14 local allow_plain = module:get_option_boolean("oauth_external_resource_owner_password", true); | 22 local allow_plain = module:get_option_boolean("oauth_external_resource_owner_password", true); |
| 15 | |
| 16 -- XXX Hold up, does whatever done here even need any of these things? Are we | |
| 17 -- the OAuth client? Is the XMPP client the OAuth client? What are we??? | |
| 18 local client_id = module:get_option_string("oauth_external_client_id"); | 23 local client_id = module:get_option_string("oauth_external_client_id"); |
| 19 local client_secret = module:get_option_string("oauth_external_client_secret"); | 24 local client_secret = module:get_option_string("oauth_external_client_secret"); |
| 20 local scope = module:get_option_string("oauth_external_scope", "openid"); | 25 local scope = module:get_option_string("oauth_external_scope", "openid"); |
| 21 | 26 |
| 22 --[[ More or less required endpoints | 27 --[[ More or less required endpoints |
