Mercurial > prosody-modules
comparison mod_http_oauth2/mod_http_oauth2.lua @ 5474:d0b93105b289
mod_http_oauth2: Don't return redirects or HTML from token endpoint
These are used by the client, not the user, so makes more sense to
return JSON directly instead of a redirect or HTML error page when .
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Thu, 18 May 2023 13:41:23 +0200 |
| parents | e4382f6e3564 |
| children | 022733437fef |
comparison
equal
deleted
inserted
replaced
| 5473:e4382f6e3564 | 5474:d0b93105b289 |
|---|---|
| 662 local credentials = get_request_credentials(event.request); | 662 local credentials = get_request_credentials(event.request); |
| 663 | 663 |
| 664 event.response.headers.content_type = "application/json"; | 664 event.response.headers.content_type = "application/json"; |
| 665 local params = http.formdecode(event.request.body); | 665 local params = http.formdecode(event.request.body); |
| 666 if not params then | 666 if not params then |
| 667 return error_response(event.request, oauth_error("invalid_request")); | 667 return oauth_error("invalid_request"); |
| 668 end | 668 end |
| 669 | 669 |
| 670 if credentials and credentials.type == "basic" then | 670 if credentials and credentials.type == "basic" then |
| 671 -- client_secret_basic converted internally to client_secret_post | 671 -- client_secret_basic converted internally to client_secret_post |
| 672 params.client_id = http.urldecode(credentials.username); | 672 params.client_id = http.urldecode(credentials.username); |
| 674 end | 674 end |
| 675 | 675 |
| 676 local grant_type = params.grant_type | 676 local grant_type = params.grant_type |
| 677 local grant_handler = grant_type_handlers[grant_type]; | 677 local grant_handler = grant_type_handlers[grant_type]; |
| 678 if not grant_handler then | 678 if not grant_handler then |
| 679 return error_response(event.request, oauth_error("unsupported_grant_type")); | 679 return oauth_error("invalid_request"); |
| 680 end | 680 end |
| 681 return grant_handler(params); | 681 return grant_handler(params); |
| 682 end | 682 end |
| 683 | 683 |
| 684 local function handle_authorization_request(event) | 684 local function handle_authorization_request(event) |
