Mercurial > prosody-modules
comparison mod_http_oauth2/mod_http_oauth2.lua @ 5628:9aace51c3637
mod_http_oauth2: Bail on invalid or expired device flow state token
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Fri, 04 Aug 2023 01:11:01 +0200 |
| parents | a44af1b646f5 |
| children | ef0a283507c9 |
comparison
equal
deleted
inserted
replaced
| 5627:3a5cf8d80089 | 5628:9aace51c3637 |
|---|---|
| 398 if params.redirect_uri == device_uri then | 398 if params.redirect_uri == device_uri then |
| 399 local is_device, device_state = verify_device_token(params.state); | 399 local is_device, device_state = verify_device_token(params.state); |
| 400 if is_device then | 400 if is_device then |
| 401 -- reconstruct the device_code | 401 -- reconstruct the device_code |
| 402 code = b64url(hashes.hmac_sha256(verification_key, device_state.user_code)); | 402 code = b64url(hashes.hmac_sha256(verification_key, device_state.user_code)); |
| 403 else | |
| 404 return oauth_error("invalid_request"); | |
| 403 end | 405 end |
| 404 end | 406 end |
| 405 local ok = codes:set("authorization_code:" .. params.client_id .. "#" .. code, { | 407 local ok = codes:set("authorization_code:" .. params.client_id .. "#" .. code, { |
| 406 expires = os.time() + 600; | 408 expires = os.time() + 600; |
| 407 granted_jid = granted_jid; | 409 granted_jid = granted_jid; |