comparison mod_http_oauth2/mod_http_oauth2.lua @ 6515:ff55e93be449

mod_http_oauth2: Normalize username in password grant Otherwise authentication may fail if provided a non-normalized username Introduced in c1b94dd6e53b
author Kim Alvefur <zash@zash.se>
date Wed, 08 Apr 2026 23:08:39 +0200
parents 7fe484e7b574
children 3b69df385f66
comparison
equal deleted inserted replaced
6514:668b1f0a4dc6 6515:ff55e93be449
452 request_username = _request_username 452 request_username = _request_username
453 else 453 else
454 request_username = params.username; 454 request_username = params.username;
455 if not request_username then 455 if not request_username then
456 return oauth_error("invalid_request", "missing 'username'"); 456 return oauth_error("invalid_request", "missing 'username'");
457 end
458 request_username = encodings.stringprep.nodeprep(request_username);
459 if not request_username then
460 return oauth_error("invalid_request", "invalid 'username'");
457 end 461 end
458 end 462 end
459 463
460 local request_password = params.password; 464 local request_password = params.password;
461 if not request_password then 465 if not request_password then