Mercurial > prosody-modules
comparison mod_auth_oauth_external/mod_auth_oauth_external.lua @ 5434:92ad8f03f225
mod_auth_oauth_external: Work without token validation endpoint
In this mode, only PLAIN is possible and the provided username is
assumed to be the XMPP localpart.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Mon, 08 May 2023 20:01:34 +0200 |
| parents | b40299bbdf14 |
| children | b3e7886fea6a |
comparison
equal
deleted
inserted
replaced
| 5433:b40299bbdf14 | 5434:92ad8f03f225 |
|---|---|
| 51 end | 51 end |
| 52 local token_resp = json.decode(tok.body); | 52 local token_resp = json.decode(tok.body); |
| 53 if not token_resp or string.lower(token_resp.token_type or "") ~= "bearer" then | 53 if not token_resp or string.lower(token_resp.token_type or "") ~= "bearer" then |
| 54 return false, nil; | 54 return false, nil; |
| 55 end | 55 end |
| 56 if not validation_endpoint then | |
| 57 -- We're not going to get more info, only the username | |
| 58 self.username = jid.escape(username); | |
| 59 self.token_info = token_resp; | |
| 60 return true, true; | |
| 61 end | |
| 56 local ret, err = async.wait_for(self.profile.http_client:request(validation_endpoint, | 62 local ret, err = async.wait_for(self.profile.http_client:request(validation_endpoint, |
| 57 { headers = { ["Authorization"] = "Bearer " .. token_resp.access_token; ["Accept"] = "application/json" } })); | 63 { headers = { ["Authorization"] = "Bearer " .. token_resp.access_token; ["Accept"] = "application/json" } })); |
| 58 if err then | 64 if err then |
| 59 return false, nil; | 65 return false, nil; |
| 60 end | 66 end |
| 71 self.role = response.role; | 77 self.role = response.role; |
| 72 self.token_info = response; | 78 self.token_info = response; |
| 73 return true, true; | 79 return true, true; |
| 74 end | 80 end |
| 75 end | 81 end |
| 76 function profile:oauthbearer(token) | 82 if validation_endpoint then |
| 77 if token == "" then | 83 function profile:oauthbearer(token) |
| 78 return false, nil, extra; | 84 if token == "" then |
| 85 return false, nil, extra; | |
| 86 end | |
| 87 | |
| 88 local ret, err = async.wait_for(self.profile.http_client:request(validation_endpoint, { | |
| 89 headers = { ["Authorization"] = "Bearer " .. token; ["Accept"] = "application/json" }; | |
| 90 })); | |
| 91 if err then | |
| 92 return false, nil, extra; | |
| 93 end | |
| 94 local response = ret and json.decode(ret.body); | |
| 95 if not (ret.code >= 200 and ret.code < 300) then | |
| 96 return false, nil, response or extra; | |
| 97 end | |
| 98 if type(response) ~= "table" or type(response[username_field]) ~= "string" then | |
| 99 return false, nil, nil; | |
| 100 end | |
| 101 | |
| 102 return response[username_field], true, response; | |
| 79 end | 103 end |
| 80 | |
| 81 local ret, err = async.wait_for(self.profile.http_client:request(validation_endpoint, | |
| 82 { headers = { ["Authorization"] = "Bearer " .. token; ["Accept"] = "application/json" } })); | |
| 83 if err then | |
| 84 return false, nil, extra; | |
| 85 end | |
| 86 local response = ret and json.decode(ret.body); | |
| 87 if not (ret.code >= 200 and ret.code < 300) then | |
| 88 return false, nil, response or extra; | |
| 89 end | |
| 90 if type(response) ~= "table" or type(response[username_field]) ~= "string" then | |
| 91 return false, nil, nil; | |
| 92 end | |
| 93 | |
| 94 return response[username_field], true, response; | |
| 95 end | 104 end |
| 96 return sasl.new(host, profile); | 105 return sasl.new(host, profile); |
| 97 end | 106 end |
| 98 | 107 |
| 99 module:provides("auth", provider); | 108 module:provides("auth", provider); |