Mercurial > prosody-modules

comparison mod_http_oauth2/mod_http_oauth2.lua @ 5465:66e13e79928b

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
mod_http_oauth2: Note about partial OpenID Discovery implementation Notably we don't have an JSON Web Key Set, since we use the client secret in the HS256 algorithm.
author Kim Alvefur <zash@zash.se>
date Wed, 17 May 2023 17:56:56 +0200
parents dacde53467f3
children 398d936e77fb
comparison
equal deleted inserted replaced
5464:2a11f590c5c8 5465:66e13e79928b
1072 body = json.encode { 1072 body = json.encode {
1073 -- RFC 8414: OAuth 2.0 Authorization Server Metadata 1073 -- RFC 8414: OAuth 2.0 Authorization Server Metadata
1074 issuer = get_issuer(); 1074 issuer = get_issuer();
1075 authorization_endpoint = handle_authorization_request and module:http_url() .. "/authorize" or nil; 1075 authorization_endpoint = handle_authorization_request and module:http_url() .. "/authorize" or nil;
1076 token_endpoint = handle_token_grant and module:http_url() .. "/token" or nil; 1076 token_endpoint = handle_token_grant and module:http_url() .. "/token" or nil;
1077 jwks_uri = nil; -- TODO?
1078 registration_endpoint = handle_register_request and module:http_url() .. "/register" or nil; 1077 registration_endpoint = handle_register_request and module:http_url() .. "/register" or nil;
1079 scopes_supported = usermanager.get_all_roles and array(it.keys(usermanager.get_all_roles(module.host))):append(array(openid_claims:items())); 1078 scopes_supported = usermanager.get_all_roles and array(it.keys(usermanager.get_all_roles(module.host))):append(array(openid_claims:items()));
1080 response_types_supported = array(it.keys(response_type_handlers)); 1079 response_types_supported = array(it.keys(response_type_handlers));
1081 token_endpoint_auth_methods_supported = array({ "client_secret_post"; "client_secret_basic" }); 1080 token_endpoint_auth_methods_supported = array({ "client_secret_post"; "client_secret_basic" });
1082 op_policy_uri = module:get_option_string("oauth2_policy_url", nil); 1081 op_policy_uri = module:get_option_string("oauth2_policy_url", nil);
1089 authorization_response_iss_parameter_supported = true; 1088 authorization_response_iss_parameter_supported = true;
1090 service_documentation = module:get_option_string("oauth2_service_documentation", "https://modules.prosody.im/mod_http_oauth2.html"); 1089 service_documentation = module:get_option_string("oauth2_service_documentation", "https://modules.prosody.im/mod_http_oauth2.html");
1091 1090
1092 -- OpenID 1091 -- OpenID
1093 userinfo_endpoint = handle_register_request and module:http_url() .. "/userinfo" or nil; 1092 userinfo_endpoint = handle_register_request and module:http_url() .. "/userinfo" or nil;
1094 id_token_signing_alg_values_supported = { "HS256" }; 1093 jwks_uri = nil; -- REQUIRED in OpenID Discovery but not in OAuth 2.0 Metadata
1094 id_token_signing_alg_values_supported = { "HS256" }; -- The algorithm RS256 MUST be included, but we use HS256 and client_secret as shared key.
1095 }; 1095 };
1096 }; 1096 };
1097 }; 1097 };
1098 }); 1098 });
1099 1099