view mod_audit_register/mod_audit_register.lua @ 5221:22483cfce3ce

mod_http_oauth2: Reflect ALL attributes of the client registration Per RFC 7591: " Additionally, the authorization server MUST return all registered metadata about this client, including any fields provisioned by the authorization server itself. " The idea is that the server may replace/drop fields in the registration, so what gets reflected back to the client is the source of truth about the registration.
author Matthew Wild <mwild1@gmail.com>
date Tue, 07 Mar 2023 14:52:43 +0000
parents 08dea42a302a
children dde83f6043e6
line wrap: on
line source

module:depends("audit");
-- luacheck: read globals module.audit

local st = require "util.stanza";

module:hook("user-registered", function(event)
	local session = event.session;
	local custom = {};
	local invite = event.validated_invite or (event.session and event.session.validated_invite);
	if invite then
		table.insert(custom, st.stanza(
			"invite-used",
			{
				xmlns = "xmpp:prosody.im/audit",
				token = invite.token,
			}
		))
	end
	module:audit(event.username, "user-registered", {
		session = session,
		custom = custom,
	});
end);