Mercurial > prosody-modules
comparison mod_http_oauth2/mod_http_oauth2.lua @ 6516:3b69df385f66
mod_http_oauth2: Normalize the password in the password grant
Otherwise entering passwords in non-normal form might lead to
authentication failures.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Wed, 08 Apr 2026 23:12:13 +0200 |
| parents | ff55e93be449 |
| children |
comparison
equal
deleted
inserted
replaced
| 6515:ff55e93be449 | 6516:3b69df385f66 |
|---|---|
| 462 end | 462 end |
| 463 | 463 |
| 464 local request_password = params.password; | 464 local request_password = params.password; |
| 465 if not request_password then | 465 if not request_password then |
| 466 return oauth_error("invalid_request", "missing 'password'"); | 466 return oauth_error("invalid_request", "missing 'password'"); |
| 467 end | |
| 468 request_password = encodings.stringprep.saslprep(request_password); | |
| 469 if not request_password then | |
| 470 return oauth_error("invalid_request", "invalid 'password'"); | |
| 467 end | 471 end |
| 468 | 472 |
| 469 local auth_event = { | 473 local auth_event = { |
| 470 session = { | 474 session = { |
| 471 type = "oauth2"; | 475 type = "oauth2"; |
