prosody-modules: mod_http_oauth2/mod_http

comparison mod_http_oauth2/mod_http_oauth2.lua @ 5223:8b2a36847912

mod_http_oauth2: Support HTTP Basic auth on token endpoint This is described in RFC 6749 section 2.3.1 and draft-ietf-oauth-v2-1-07 2.3.1 as the recommended way to transmit the client's credentials. The older spec even calls it the "client password", but the new spec clarifies that this is just another term for the client secret.

author	Matthew Wild <mwild1@gmail.com>
date	Tue, 07 Mar 2023 15:27:50 +0000
parents	578a72982bb2
children	cd5cf4cc6304

comparison

equal deleted inserted replaced

-:578a72982bb2
+:8b2a36847912
 		grant_type_handlers[handler_type] = nil;
 	end
 end
 function handle_token_grant(event)
+	local credentials = get_request_credentials(event.request);
 	event.response.headers.content_type = "application/json";
 	local params = http.formdecode(event.request.body);
 	if not params then
 		return error_response(event.request, oauth_error("invalid_request"));
 	end
+	if credentials.type == "basic" then
+		params.client_id = http.urldecode(credentials.username);
+		params.client_secret = http.urldecode(credentials.password);
+	end
 	local grant_type = params.grant_type
 	local grant_handler = grant_type_handlers[grant_type];
 	if not grant_handler then
 		return error_response(event.request, oauth_error("unsupported_grant_type"));
 	end

Mercurial > prosody-modules

comparison mod_http_oauth2/mod_http_oauth2.lua @ 5223:8b2a36847912