Mercurial > prosody-modules
comparison mod_http_oauth2/mod_http_oauth2.lua @ 5423:5b2352dda31f
mod_http_oauth2: Include all granted roles in scopes
The client is allowed to request a subset of granted scopes, so it makes
sense to record all granted roles so that another could be selected at
access token issuance.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sun, 07 May 2023 19:06:37 +0200 |
| parents | aa068449b0b6 |
| children | b45d9a81b3da |
comparison
equal
deleted
inserted
replaced
| 5422:72f23107beb4 | 5423:5b2352dda31f |
|---|---|
| 135 granted_scopes, requested_roles = split_scopes(parse_scopes(requested_scope_string)); | 135 granted_scopes, requested_roles = split_scopes(parse_scopes(requested_scope_string)); |
| 136 else | 136 else |
| 137 granted_scopes = array(); | 137 granted_scopes = array(); |
| 138 end | 138 end |
| 139 | 139 |
| 140 if requested_roles then | |
| 141 granted_scopes:append(array.filter(requested_roles, function(role) | |
| 142 return can_assume_role(username, role) | |
| 143 end)); | |
| 144 end | |
| 145 | |
| 140 local selected_role = select_role(username, requested_roles); | 146 local selected_role = select_role(username, requested_roles); |
| 141 granted_scopes:push(selected_role); | |
| 142 | 147 |
| 143 return granted_scopes:concat(" "), selected_role; | 148 return granted_scopes:concat(" "), selected_role; |
| 144 end | 149 end |
| 145 | 150 |
| 146 local function code_expires_in(code) --> number, seconds until code expires | 151 local function code_expires_in(code) --> number, seconds until code expires |