comparison mod_auth_oauth_external/mod_auth_oauth_external.lua @ 5434:92ad8f03f225
mod_auth_oauth_external: Work without token validation endpoint
In this mode, only PLAIN is possible and the provided username is
assumed to be the XMPP localpart.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Mon, 08 May 2023 20:01:34 +0200 |
parents | b40299bbdf14 |
children | b3e7886fea6a |
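--- a/mod_auth_oauth_external/mod_auth_oauth_external.lua
+++ b/mod_auth_oauth_external/mod_auth_oauth_external.lua
@@ -51,10 +51,16 @@
 end
 local token_resp = json.decode(tok.body);
 if not token_resp or string.lower(token_resp.token_type or "") ~= "bearer" then
 return false, nil;
 end
+if not validation_endpoint then
+-- We're not going to get more info, only the username
+self.username = jid.escape(username);
+self.token_info = token_resp;
+return true, true;
+end
 local ret, err = async.wait_for(self.profile.http_client:request(validation_endpoint,
 { headers = { ["Authorization"] = "Bearer " .. token_resp.access_token; ["Accept"] = "application/json" } }));
 if err then
 return false, nil;
 end
@@ -71,29 +77,32 @@
 self.role = response.role;
 self.token_info = response;
 return true, true;
 end
 end
-function profile:oauthbearer(token)
-if token == "" then
-return false, nil, extra;
+if validation_endpoint then
+function profile:oauthbearer(token)
+if token == "" then
+return false, nil, extra;
+end
+
+local ret, err = async.wait_for(self.profile.http_client:request(validation_endpoint, {
+headers = { ["Authorization"] = "Bearer " .. token; ["Accept"] = "application/json" };
+}));
+if err then
+return false, nil, extra;
+end
+local response = ret and json.decode(ret.body);
+if not (ret.code >= 200 and ret.code < 300) then
+return false, nil, response or extra;
+end
+if type(response) ~= "table" or type(response[username_field]) ~= "string" then
+return false, nil, nil;
+end
+
+return response[username_field], true, response;
 end
-
-local ret, err = async.wait_for(self.profile.http_client:request(validation_endpoint,
-{ headers = { ["Authorization"] = "Bearer " .. token; ["Accept"] = "application/json" } }));
-if err then
-return false, nil, extra;
-end
-local response = ret and json.decode(ret.body);
-if not (ret.code >= 200 and ret.code < 300) then
-return false, nil, response or extra;
-end
-if type(response) ~= "table" or type(response[username_field]) ~= "string" then
-return false, nil, nil;
-end
-
-return response[username_field], true, response;
 end
 return sasl.new(host, profile);
 end
 
 module:provides("auth", provider);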
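Review bot: In the new early-return branch of the first hunk, `self.token_info = token_resp;` stores the raw token-endpoint response on the SASL handler, while the existing path a few lines later stores the validation response (`self.token_info = response;`), so `token_info` now has two different shapes depending on configuration and in the no-endpoint mode carries the live `access_token` (and any other fields the server returned, e.g. a refresh token) for the lifetime of the handler. Whatever reads `token_info` downstream is outside this hunk, so I cannot tell whether it is logged or exposed; if only identity data is needed, copying the non-secret fields would be safer, and otherwise the branch deserves a comment such as `-- No validation endpoint: localpart is the client-supplied username; token_info is the raw token response and still contains access_token`. The enclosing PLAIN handler begins before the first hunk. In the second hunk, the new `if validation_endpoint then` guard silently leaves `profile:oauthbearer` undefined, which is what the commit description relies on to make only PLAIN available; a one-line comment at the guard stating that OAUTHBEARER is only offered when tokens can be validated would keep that intent visible to the next maintainer.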