comparison mod_http_oauth2/mod_http_oauth2.lua @ 5770:990c6adc4407
mod_http_oauth2: Move some code earlier
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Mon, 04 Dec 2023 21:07:54 +0100 |
parents | a967bb4972c5 |
children | 72799c330986 |
5769:bb4335c8f500 | 5770:990c6adc4407 |
---|---|
1418 return nil, oauth_error("invalid_client_metadata", "No allowed 'grant_types' specified"); | 1418 return nil, oauth_error("invalid_client_metadata", "No allowed 'grant_types' specified"); |
1419 elseif set.intersection(response_types, allowed_response_type_handlers):empty() then | 1419 elseif set.intersection(response_types, allowed_response_type_handlers):empty() then |
1420 return nil, oauth_error("invalid_client_metadata", "No allowed 'response_types' specified"); | 1420 return nil, oauth_error("invalid_client_metadata", "No allowed 'response_types' specified"); |
1421 end | 1421 end |
1422 | 1422 |
1423 -- Do we want to keep everything? | |
1424 local client_id = sign_client(client_metadata); | |
1425 | |
1426 client_metadata.client_id = client_id; | |
1427 client_metadata.client_id_issued_at = os.time(); | |
1428 | |
1429 if client_metadata.token_endpoint_auth_method ~= "none" then | 1423 if client_metadata.token_endpoint_auth_method ~= "none" then |
1430 -- Ensure that each client_id JWT with a client_secret is unique. | 1424 -- Ensure that each client_id JWT with a client_secret is unique. |
1431 -- A short ID along with the issued at timestamp should be sufficient to | 1425 -- A short ID along with the issued at timestamp should be sufficient to |
1432 -- rule out brute force attacks. | 1426 -- rule out brute force attacks. |
1433 -- Not needed for public clients without a secret, but those are expected | 1427 -- Not needed for public clients without a secret, but those are expected |
1434 -- to be uncommon since they can only do the insecure implicit flow. | 1428 -- to be uncommon since they can only do the insecure implicit flow. |
1435 client_metadata.nonce = id.short(); | 1429 client_metadata.nonce = id.short(); |
1436 | 1430 end |
1437 local client_secret = make_client_secret(client_id, client_metadata); | 1431 |
1432 -- Do we want to keep everything? | |
1433 local client_id = sign_client(client_metadata); | |
1434 | |
1435 client_metadata.client_id = client_id; | |
1436 client_metadata.client_id_issued_at = os.time(); | |
1437 | |
1438 if client_metadata.token_endpoint_auth_method ~= "none" then | |
1439 local client_secret = make_client_secret(client_id); | |
1438 client_metadata.client_secret = client_secret; | 1440 client_metadata.client_secret = client_secret; |
1439 client_metadata.client_secret_expires_at = 0; | 1441 client_metadata.client_secret_expires_at = 0; |
1440 | 1442 |
1441 if not registration_options.accept_expired then | 1443 if not registration_options.accept_expired then |
1442 client_metadata.client_secret_expires_at = client_metadata.client_id_issued_at + (registration_options.default_ttl or 3600); | 1444 client_metadata.client_secret_expires_at = client_metadata.client_id_issued_at + (registration_options.default_ttl or 3600); |