comparison mod_auth_oauth_external/mod_auth_oauth_external.lua @ 6525:05d66fe6b289

mod_auth_oauth_external: Reorder and comment on settings Trying to group settings a bit more.
author Kim Alvefur <zash@zash.se>
date Sat, 02 May 2026 16:10:48 +0200
parents cab284eaeb81
children 1216f6befbe7
comparison
equal deleted inserted replaced
6524:aaf92bf929e5 6525:05d66fe6b289
2 local async = require "util.async"; 2 local async = require "util.async";
3 local jid = require "util.jid"; 3 local jid = require "util.jid";
4 local json = require "util.json"; 4 local json = require "util.json";
5 local sasl = require "util.sasl"; 5 local sasl = require "util.sasl";
6 6
7 -- Details about the OAuth2 Issuer
7 local issuer_identity = module:get_option_string("oauth_external_issuer"); 8 local issuer_identity = module:get_option_string("oauth_external_issuer");
8 local oidc_discovery_url = module:get_option_string("oauth_external_discovery_url", 9 local oidc_discovery_url = module:get_option_string("oauth_external_discovery_url",
9 issuer_identity and issuer_identity .. "/.well-known/oauth-authorization-server" or nil); 10 issuer_identity and issuer_identity .. "/.well-known/oauth-authorization-server" or nil);
11
12 -- OAuth2 endpoints
13 -- These could be discovered dynamically if unset
10 local validation_endpoint = module:get_option_string("oauth_external_validation_endpoint"); 14 local validation_endpoint = module:get_option_string("oauth_external_validation_endpoint");
11 local token_endpoint = module:get_option_string("oauth_external_token_endpoint"); 15 local token_endpoint = module:get_option_string("oauth_external_token_endpoint");
12 16
17 -- Field used to decide the XMPP address localpart
13 local username_field = module:get_option_string("oauth_external_username_field", "preferred_username"); 18 local username_field = module:get_option_string("oauth_external_username_field", "preferred_username");
19
20 -- Settings needed for Resource Owner Password Grant, where Prosody acts as an OAuth2 Client
21 -- Since at this time, no clients support SASL OAUTHBEARER, this is the only way this works
14 local allow_plain = module:get_option_boolean("oauth_external_resource_owner_password", true); 22 local allow_plain = module:get_option_boolean("oauth_external_resource_owner_password", true);
15
16 -- XXX Hold up, does whatever done here even need any of these things? Are we
17 -- the OAuth client? Is the XMPP client the OAuth client? What are we???
18 local client_id = module:get_option_string("oauth_external_client_id"); 23 local client_id = module:get_option_string("oauth_external_client_id");
19 local client_secret = module:get_option_string("oauth_external_client_secret"); 24 local client_secret = module:get_option_string("oauth_external_client_secret");
20 local scope = module:get_option_string("oauth_external_scope", "openid"); 25 local scope = module:get_option_string("oauth_external_scope", "openid");
21 26
22 --[[ More or less required endpoints 27 --[[ More or less required endpoints