comparison mod_http_oauth2/mod_http_oauth2.lua @ 5382:12498c0d705f

mod_http_oauth2: Reorder routes into order they happen in OAuth 2.0 Since I usually start here to remember the order of things, might as well turn it into a mini step by step guide :)
author Kim Alvefur <zash@zash.se>
date Sat, 29 Apr 2023 11:26:04 +0200
parents 6155c46d9eea
children df11a2cbc7b7
comparison
equal deleted inserted replaced
5381:32a9817c7516 5382:12498c0d705f
831 end 831 end
832 832
833 module:depends("http"); 833 module:depends("http");
834 module:provides("http", { 834 module:provides("http", {
835 route = { 835 route = {
836 -- User-facing login and consent view 836 -- OAuth 2.0 in 5 simple steps!
837 -- This is the normal 'authorization_code' flow.
838
839 -- Step 1. Create OAuth client
840 ["POST /register"] = handle_register_request;
841
842 -- Step 2. User-facing login and consent view
837 ["GET /authorize"] = handle_authorization_request; 843 ["GET /authorize"] = handle_authorization_request;
838 ["POST /authorize"] = handle_authorization_request; 844 ["POST /authorize"] = handle_authorization_request;
839 845
840 -- Create OAuth client 846 -- Step 3. User is redirected to the 'redirect_uri' along with an
841 ["POST /register"] = handle_register_request; 847 -- authorization code. In the insecure 'implicit' flow, the access token
842 848 -- is delivered here.
849
850 -- Step 4. Retrieve access token using the code.
843 ["POST /token"] = handle_token_grant; 851 ["POST /token"] = handle_token_grant;
852
853 -- Step 4 is later repeated using the refresh token to get new access tokens.
854
855 -- Step 5. Revoke token (access or refresh)
844 ["POST /revoke"] = handle_revocation_request; 856 ["POST /revoke"] = handle_revocation_request;
845 857
846 -- OpenID 858 -- OpenID
847 ["GET /userinfo"] = handle_userinfo_request; 859 ["GET /userinfo"] = handle_userinfo_request;
848 860