comparison mod_http_oauth2/mod_http_oauth2.lua @ 5400:71766a4a7322

mod_http_oauth2: Reduce line count of metadata construction More compact and readable than long if-then chains
author Kim Alvefur <zash@zash.se>
date Tue, 02 May 2023 16:14:22 +0200
parents 89c9e9bba60d
children c8d04ac200fc
comparison
equal deleted inserted replaced
5399:89c9e9bba60d 5400:71766a4a7322
17 local array = require "util.array"; 17 local array = require "util.array";
18 local st = require "util.stanza"; 18 local st = require "util.stanza";
19 19
20 local function b64url(s) 20 local function b64url(s)
21 return (base64.encode(s):gsub("[+/=]", { ["+"] = "-", ["/"] = "_", ["="] = "" })) 21 return (base64.encode(s):gsub("[+/=]", { ["+"] = "-", ["/"] = "_", ["="] = "" }))
22 end
23
24 local function tmap(t)
25 return function(k)
26 return t[k];
27 end
22 end 28 end
23 29
24 local function read_file(base_path, fn, required) 30 local function read_file(base_path, fn, required)
25 local f, err = io.open(base_path .. "/" .. fn); 31 local f, err = io.open(base_path .. "/" .. fn);
26 if not f then 32 if not f then
954 response_types_supported = array(it.keys(response_type_handlers)); 960 response_types_supported = array(it.keys(response_type_handlers));
955 token_endpoint_auth_methods_supported = array({ "client_secret_post"; "client_secret_basic" }); 961 token_endpoint_auth_methods_supported = array({ "client_secret_post"; "client_secret_basic" });
956 revocation_endpoint = handle_revocation_request and module:http_url() .. "/revoke" or nil; 962 revocation_endpoint = handle_revocation_request and module:http_url() .. "/revoke" or nil;
957 revocation_endpoint_auth_methods_supported = array({ "client_secret_basic" }); 963 revocation_endpoint_auth_methods_supported = array({ "client_secret_basic" });
958 code_challenge_methods_supported = array(it.keys(verifier_transforms)); 964 code_challenge_methods_supported = array(it.keys(verifier_transforms));
959 grant_types_supported = array(it.keys(response_type_handlers)):map(function(h) 965 grant_types_supported = array(it.keys(response_type_handlers)):map(tmap { token = "implicit"; code = "authorization_code" });
960 if h == "token" then 966 response_modes_supported = array(it.keys(response_type_handlers)):map(tmap { token = "fragment"; code = "query" });
961 return "implicit"
962 elseif h == "code" then
963 return "authorization_code"
964 end
965 end);
966 response_modes_supported = array(it.keys(response_type_handlers)):map(function(h)
967 if h == "token" then
968 return "fragment"
969 elseif h == "code" then
970 return "query"
971 end
972 end);
973 authorization_response_iss_parameter_supported = true; 967 authorization_response_iss_parameter_supported = true;
974 968
975 -- OpenID 969 -- OpenID
976 userinfo_endpoint = handle_register_request and module:http_url() .. "/userinfo" or nil; 970 userinfo_endpoint = handle_register_request and module:http_url() .. "/userinfo" or nil;
977 id_token_signing_alg_values_supported = { "HS256" }; 971 id_token_signing_alg_values_supported = { "HS256" };