Mercurial > prosody-modules
diff mod_auth_oauth_external/mod_auth_oauth_external.lua @ 6525:05d66fe6b289
mod_auth_oauth_external: Reorder and comment on settings
Trying to group settings a bit more.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sat, 02 May 2026 16:10:48 +0200 |
| parents | cab284eaeb81 |
| children | 1216f6befbe7 |
line wrap: on
line diff
--- a/mod_auth_oauth_external/mod_auth_oauth_external.lua Thu Apr 30 10:53:14 2026 +0100 +++ b/mod_auth_oauth_external/mod_auth_oauth_external.lua Sat May 02 16:10:48 2026 +0200 @@ -4,17 +4,22 @@ local json = require "util.json"; local sasl = require "util.sasl"; +-- Details about the OAuth2 Issuer local issuer_identity = module:get_option_string("oauth_external_issuer"); local oidc_discovery_url = module:get_option_string("oauth_external_discovery_url", issuer_identity and issuer_identity .. "/.well-known/oauth-authorization-server" or nil); + +-- OAuth2 endpoints +-- These could be discovered dynamically if unset local validation_endpoint = module:get_option_string("oauth_external_validation_endpoint"); local token_endpoint = module:get_option_string("oauth_external_token_endpoint"); +-- Field used to decide the XMPP address localpart local username_field = module:get_option_string("oauth_external_username_field", "preferred_username"); -local allow_plain = module:get_option_boolean("oauth_external_resource_owner_password", true); --- XXX Hold up, does whatever done here even need any of these things? Are we --- the OAuth client? Is the XMPP client the OAuth client? What are we??? +-- Settings needed for Resource Owner Password Grant, where Prosody acts as an OAuth2 Client +-- Since at this time, no clients support SASL OAUTHBEARER, this is the only way this works +local allow_plain = module:get_option_boolean("oauth_external_resource_owner_password", true); local client_id = module:get_option_string("oauth_external_client_id"); local client_secret = module:get_option_string("oauth_external_client_secret"); local scope = module:get_option_string("oauth_external_scope", "openid");
