comparison mod_http_oauth2/mod_http_oauth2.lua @ 5223:8b2a36847912

mod_http_oauth2: Support HTTP Basic auth on token endpoint. This is described in RFC 6749 section 2.3.1 and draft-ietf-oauth-v2-1-07 section 2.3.1 as the recommended way to transmit the client's credentials. The older spec even calls it the "client password", but the new spec clarifies that this is just another term for the client secret.
author Matthew Wild <mwild1@gmail.com>
date Tue, 07 Mar 2023 15:27:50 +0000
parents 578a72982bb2
children cd5cf4cc6304
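--- a/mod_http_oauth2/mod_http_oauth2.lua
+++ b/mod_http_oauth2/mod_http_oauth2.lua
@@ -454,15 +454,23 @@
 grant_type_handlers[handler_type] = nil;
 end
 end
 
 function handle_token_grant(event)
+local credentials = get_request_credentials(event.request);
+
 event.response.headers.content_type = "application/json";
 local params = http.formdecode(event.request.body);
 if not params then
 return error_response(event.request, oauth_error("invalid_request"));
 end
+
+if credentials.type == "basic" then
+params.client_id = http.urldecode(credentials.username);
+params.client_secret = http.urldecode(credentials.password);
+end
+
 local grant_type = params.grant_type
 local grant_handler = grant_type_handlers[grant_type];
 if not grant_handler then
 return error_response(event.request, oauth_error("unsupported_grant_type"));
 end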
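Review bot: `credentials.type` on new line 467 is read without checking that `get_request_credentials` returned a table; that helper is defined outside this hunk, so I can only infer its contract, but if it yields nil for a request with no Authorization header then every token request that still sends `client_id`/`client_secret` in the body would raise instead of being handled. A guard such as `if credentials and credentials.type == "basic" then` keeps the existing body-parameter path intact. Separately, when both the header and the body carry client credentials the Basic values silently overwrite `params.client_id` and `params.client_secret`; RFC 6749 section 2.3 says a client must not use more than one authentication method per request, so either rejecting that case with `invalid_request` or at least a comment stating that the header takes precedence would make the intended behaviour explicit. The enclosing `handle_token_grant` continues beyond the hunk, where the secret is presumably verified; note that RFC 6749 section 5.2 requires a 401 with a matching `WWW-Authenticate: Basic` header, rather than the usual 400, when a client that authenticated via the Authorization header fails verification.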