comparison mod_http_oauth2/mod_http_oauth2.lua @ 5181:2c6acf2d6fd4

mod_http_oauth2: Fix removal of consumed authorization codes Fixes mod_http_oauth2.lua:34: bad argument #2 to 'difftime' (number expected, got nil) The extra preceding argument to :set stored the client-id#code as a value instead of clearing the key, and then later in the periodic cleanup timer this string would be indexed, producing a nil and a traceback
author Kim Alvefur <zash@zash.se>
date Wed, 01 Mar 2023 21:11:48 +0100
parents 5dadbe0718f1
children 20ba6340f524
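--- a/mod_http_oauth2/mod_http_oauth2.lua
+++ b/mod_http_oauth2/mod_http_oauth2.lua
@@ -164,11 +164,11 @@
 if err then error(err); end
 if not code or type(code) ~= "table" or code_expired(code) then
 module:log("debug", "authorization_code invalid or expired: %q", code);
 return oauth_error("invalid_client", "incorrect credentials");
 end
-assert(codes:set(client_owner, client_id .. "#" .. params.code, nil));
+assert(codes:set(client_id .. "#" .. params.code, nil));
 
 return json.encode(new_access_token(code.granted_jid, code.granted_scopes, nil));
 end
 
 local function check_credentials(request, allow_token)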
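Review bot: The `codes:set(client_id .. "#" .. params.code, nil)` call at line 169 is what enforces single use of an authorization code, and nothing in the hunk says so; with the earlier argument list the key was, per the commit description, never cleared, so a code apparently stayed redeemable until it expired. I would add a comment above it such as `-- Consume the code before issuing a token (single use, RFC 6749 section 4.1.2); assert() aborts the request if the store write fails`. The matching lookup sits above the hunk, so whether it builds the key the same way cannot be checked from here. Separately, line 167 answers an invalid or expired code with `invalid_client`, where RFC 6749 section 5.2 assigns `invalid_grant` to that case.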