Mercurial > prosody-modules
comparison mod_http_oauth2/mod_http_oauth2.lua @ 5451:6705f2a09702
mod_http_oauth2: Reference grant by id instead of value
Fixes that the grant got mutated on use of refresh token, notably it
would gain 'id' and 'jid' properties set there by mod_tokenauth.
Previously also the secret token that we should not be remembering.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Fri, 12 May 2023 11:11:38 +0200 |
| parents | d2594bbf7c36 |
| children | b071d8ee6555 |
comparison
equal
deleted
inserted
replaced
| 5450:d2594bbf7c36 | 5451:6705f2a09702 |
|---|---|
| 214 -- Create refresh token for the grant if desired | 214 -- Create refresh token for the grant if desired |
| 215 refresh_token = refresh_token_info ~= false and tokens.create_token(token_jid, grant, nil, nil, "oauth2-refresh"); | 215 refresh_token = refresh_token_info ~= false and tokens.create_token(token_jid, grant, nil, nil, "oauth2-refresh"); |
| 216 else | 216 else |
| 217 -- Grant exists, reuse existing refresh token | 217 -- Grant exists, reuse existing refresh token |
| 218 refresh_token = refresh_token_info.token; | 218 refresh_token = refresh_token_info.token; |
| 219 refresh_token_info.token = nil; -- Prevent persistence of *secret* token | 219 end |
| 220 | 220 |
| 221 refresh_token_info.grant = nil; -- Prevent reference loop | 221 local access_token, access_token_info = tokens.create_token(token_jid, grant.id, role, default_access_ttl, "oauth2"); |
| 222 end | |
| 223 | |
| 224 local access_token, access_token_info = tokens.create_token(token_jid, grant, role, default_access_ttl, "oauth2"); | |
| 225 | 222 |
| 226 local expires_at = access_token_info.expires; | 223 local expires_at = access_token_info.expires; |
| 227 return { | 224 return { |
| 228 token_type = "bearer"; | 225 token_type = "bearer"; |
| 229 access_token = access_token; | 226 access_token = access_token; |
