Mercurial > prosody-modules
comparison mod_http_oauth2/mod_http_oauth2.lua @ 5420:aa068449b0b6
mod_http_oauth2: Bail out of implicit flow on invalid or missing redirect
Probably hasn't been tested, and maybe never will since it's disabled
and more or less deprecated in OAuth 2.1
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sat, 06 May 2023 12:23:22 +0200 |
| parents | a0333176303c |
| children | 5b2352dda31f |
comparison
equal
deleted
inserted
replaced
| 5419:a0333176303c | 5420:aa068449b0b6 |
|---|---|
| 335 end | 335 end |
| 336 local granted_scopes, granted_role = filter_scopes(request_username, params.scope); | 336 local granted_scopes, granted_role = filter_scopes(request_username, params.scope); |
| 337 local token_info = new_access_token(granted_jid, granted_role, granted_scopes, client, nil); | 337 local token_info = new_access_token(granted_jid, granted_role, granted_scopes, client, nil); |
| 338 | 338 |
| 339 local redirect = url.parse(get_redirect_uri(client, params.redirect_uri)); | 339 local redirect = url.parse(get_redirect_uri(client, params.redirect_uri)); |
| 340 if not redirect then return 400; end | |
| 340 token_info.state = params.state; | 341 token_info.state = params.state; |
| 341 redirect.fragment = http.formencode(token_info); | 342 redirect.fragment = http.formencode(token_info); |
| 342 | 343 |
| 343 return { | 344 return { |
| 344 status_code = 303; | 345 status_code = 303; |