comparison mod_http_oauth2/mod_http_oauth2.lua @ 6516:3b69df385f66

mod_http_oauth2: Normalize the password in the password grant Otherwise entering passwords in non-normal form might lead to authentication failures.
author Kim Alvefur <zash@zash.se>
date Wed, 08 Apr 2026 23:12:13 +0200
parents ff55e93be449
children
comparison
equal deleted inserted replaced
6515:ff55e93be449 6516:3b69df385f66
462 end 462 end
463 463
464 local request_password = params.password; 464 local request_password = params.password;
465 if not request_password then 465 if not request_password then
466 return oauth_error("invalid_request", "missing 'password'"); 466 return oauth_error("invalid_request", "missing 'password'");
467 end
468 request_password = encodings.stringprep.saslprep(request_password);
469 if not request_password then
470 return oauth_error("invalid_request", "invalid 'password'");
467 end 471 end
468 472
469 local auth_event = { 473 local auth_event = {
470 session = { 474 session = {
471 type = "oauth2"; 475 type = "oauth2";