Mercurial > prosody-modules
comparison mod_http_oauth2/mod_http_oauth2.lua @ 6241:b460b2a65f0b
mod_http_oauth2: Remove now redundant client_id check from remaining grant handlers
Missed these in 2505542c6c50
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Tue, 03 Jun 2025 01:11:37 +0200 |
| parents | 7b3316ac24b3 |
| children | ef81c67e1ae7 |
comparison
equal
deleted
inserted
replaced
| 6240:f96923cd35f6 | 6241:b460b2a65f0b |
|---|---|
| 550 end | 550 end |
| 551 | 551 |
| 552 return json.encode(new_access_token(code.granted_jid, code.granted_role, code.granted_scopes, client, code.id_token)); | 552 return json.encode(new_access_token(code.granted_jid, code.granted_role, code.granted_scopes, client, code.id_token)); |
| 553 end | 553 end |
| 554 | 554 |
| 555 function grant_type_handlers.refresh_token(params) | 555 function grant_type_handlers.refresh_token(params, client) |
| 556 if not params.client_id then return oauth_error("invalid_request", "missing 'client_id'"); end | |
| 557 if not params.client_secret then return oauth_error("invalid_request", "missing 'client_secret'"); end | |
| 558 if not params.refresh_token then return oauth_error("invalid_request", "missing 'refresh_token'"); end | 556 if not params.refresh_token then return oauth_error("invalid_request", "missing 'refresh_token'"); end |
| 559 | |
| 560 local client = check_client(params.client_id); | |
| 561 if not client then | |
| 562 return oauth_error("invalid_client", "incorrect credentials"); | |
| 563 end | |
| 564 | |
| 565 if not verify_client_secret(params.client_id, params.client_secret) then | |
| 566 module:log("debug", "client_secret mismatch"); | |
| 567 return oauth_error("invalid_client", "incorrect credentials"); | |
| 568 end | |
| 569 | 557 |
| 570 local refresh_token_info = tokens.get_token_info(params.refresh_token); | 558 local refresh_token_info = tokens.get_token_info(params.refresh_token); |
| 571 if not refresh_token_info or refresh_token_info.purpose ~= "oauth2-refresh" then | 559 if not refresh_token_info or refresh_token_info.purpose ~= "oauth2-refresh" then |
| 572 return oauth_error("invalid_grant", "invalid refresh token"); | 560 return oauth_error("invalid_grant", "invalid refresh token"); |
| 573 end | 561 end |
| 596 refresh_token_info.token = params.refresh_token; | 584 refresh_token_info.token = params.refresh_token; |
| 597 | 585 |
| 598 return json.encode(new_access_token(refresh_token_info.jid, role, new_scopes, client, nil, refresh_token_info)); | 586 return json.encode(new_access_token(refresh_token_info.jid, role, new_scopes, client, nil, refresh_token_info)); |
| 599 end | 587 end |
| 600 | 588 |
| 601 grant_type_handlers[device_uri] = function(params) | 589 grant_type_handlers[device_uri] = function(params, client) |
| 602 if not params.client_id then return oauth_error("invalid_request", "missing 'client_id'"); end | |
| 603 if not params.client_secret then return oauth_error("invalid_request", "missing 'client_secret'"); end | |
| 604 if not params.device_code then return oauth_error("invalid_request", "missing 'device_code'"); end | 590 if not params.device_code then return oauth_error("invalid_request", "missing 'device_code'"); end |
| 605 | |
| 606 local client = check_client(params.client_id); | |
| 607 if not client then | |
| 608 return oauth_error("invalid_client", "incorrect credentials"); | |
| 609 end | |
| 610 | |
| 611 if not verify_client_secret(params.client_id, params.client_secret) then | |
| 612 module:log("debug", "client_secret mismatch"); | |
| 613 return oauth_error("invalid_client", "incorrect credentials"); | |
| 614 end | |
| 615 | 591 |
| 616 local code = codes:get("device_code:" .. params.client_id .. "#" .. params.device_code); | 592 local code = codes:get("device_code:" .. params.client_id .. "#" .. params.device_code); |
| 617 if type(code) ~= "table" or code_expired(code) then | 593 if type(code) ~= "table" or code_expired(code) then |
| 618 return oauth_error("expired_token"); | 594 return oauth_error("expired_token"); |
| 619 elseif code.error then | 595 elseif code.error then |
