Mercurial > prosody-modules
comparison mod_auth_oauth_external/mod_auth_oauth_external.lua @ 5436:e7d99bacd0e8
mod_auth_oauth_external: Make 'scope' configurable in password grant request
Needed by some OAuth servers, tested here with Mastodon
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Wed, 10 May 2023 12:39:05 +0200 |
| parents | b3e7886fea6a |
| children | 49306afbf722 |
comparison
equal
deleted
inserted
replaced
| 5435:b3e7886fea6a | 5436:e7d99bacd0e8 |
|---|---|
| 15 | 15 |
| 16 -- XXX Hold up, does whatever done here even need any of these things? Are we | 16 -- XXX Hold up, does whatever done here even need any of these things? Are we |
| 17 -- the OAuth client? Is the XMPP client the OAuth client? What are we??? | 17 -- the OAuth client? Is the XMPP client the OAuth client? What are we??? |
| 18 local client_id = module:get_option_string("oauth_external_client_id"); | 18 local client_id = module:get_option_string("oauth_external_client_id"); |
| 19 local client_secret = module:get_option_string("oauth_external_client_secret"); | 19 local client_secret = module:get_option_string("oauth_external_client_secret"); |
| 20 local scope = module:get_option_string("oauth_external_scope", "openid"); | |
| 20 | 21 |
| 21 --[[ More or less required endpoints | 22 --[[ More or less required endpoints |
| 22 digraph "oauth endpoints" { | 23 digraph "oauth endpoints" { |
| 23 issuer -> discovery -> { registration validation } | 24 issuer -> discovery -> { registration validation } |
| 24 registration -> { client_id client_secret } | 25 registration -> { client_id client_secret } |
| 42 grant_type = "password"; | 43 grant_type = "password"; |
| 43 client_id = client_id; | 44 client_id = client_id; |
| 44 client_secret = client_secret; | 45 client_secret = client_secret; |
| 45 username = map_username(username, realm); | 46 username = map_username(username, realm); |
| 46 password = password; | 47 password = password; |
| 47 scope = "openid"; | 48 scope = scope; |
| 48 }); | 49 }); |
| 49 })) | 50 })) |
| 50 if err or not (tok.code >= 200 and tok.code < 300) then | 51 if err or not (tok.code >= 200 and tok.code < 300) then |
| 51 return false, nil; | 52 return false, nil; |
| 52 end | 53 end |
