comparison mod_http_oauth2/mod_http_oauth2.lua @ 5423:5b2352dda31f

mod_http_oauth2: Include all granted roles in scopes

The client is allowed to request a subset of granted scopes, so it makes sense to record all granted roles so that another could be selected at access token issuance.
author Kim Alvefur <zash@zash.se>
date Sun, 07 May 2023 19:06:37 +0200
parents aa068449b0b6
children b45d9a81b3da
5422:72f23107beb4 5423:5b2352dda31f
135 granted_scopes, requested_roles = split_scopes(parse_scopes(requested_scope_string)); 135 granted_scopes, requested_roles = split_scopes(parse_scopes(requested_scope_string));
136 else 136 else
137 granted_scopes = array(); 137 granted_scopes = array();
138 end 138 end
139 139
140 if requested_roles then
141 granted_scopes:append(array.filter(requested_roles, function(role)
142 return can_assume_role(username, role)
143 end));
144 end
145
140 local selected_role = select_role(username, requested_roles); 146 local selected_role = select_role(username, requested_roles);
141 granted_scopes:push(selected_role);
142 147
143 return granted_scopes:concat(" "), selected_role; 148 return granted_scopes:concat(" "), selected_role;
144 end 149 end
145 150
146 local function code_expires_in(code) --> number, seconds until code expires 151 local function code_expires_in(code) --> number, seconds until code expires
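Review bot: With `granted_scopes:push(selected_role)` removed, the returned scope string is no longer guaranteed to contain `selected_role`. In the `else` branch only `granted_scopes` is assigned, so the new `if requested_roles then` block is skipped and the string stays empty while `select_role(username, requested_roles)` still returns a role; the same applies when none of the requested roles pass `can_assume_role`. If `select_role` can fall back to a role the client did not request, either append it when it is absent from `granted_scopes` or document that the two return values may disagree. Because the recorded roles are meant to be selectable later at access token issuance, a comment noting that `can_assume_role` is evaluated only at this point would help, so the issuance path knows to re-check the role it picks.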