comparison mod_http_oauth2/mod_http_oauth2.lua @ 5830:b109773ce6fe

mod_http_oauth2: Reuse JWT issuance time as substitute for auth time Makes the token shorter. Since iat and auth_time are generated at about the same time they would only differ by a few microseconds anyway.
author Kim Alvefur <zash@zash.se>
date Wed, 24 Jan 2024 17:55:26 +0100
parents c75328aeaba3
children 761142ee0ff2
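--- a/mod_http_oauth2/mod_http_oauth2.lua
+++ b/mod_http_oauth2/mod_http_oauth2.lua
@@ -664,11 +664,11 @@
 module:fire_event("authentication-success", auth_event);
 return {
 user = {
 username = username;
 host = module.host;
-token = new_user_token({ username = username; host = module.host; auth_time = os.time(); amr = { "pwd" } });
+token = new_user_token({ username = username; host = module.host; amr = { "pwd" } });
 };
 };
 elseif form.user_token and form.consent then
 -- Second step: consent
 local ok, user = verify_user_token(form.user_token);
@@ -966,11 +966,11 @@
 local id_token_signer = jwt.new_signer("HS256", client_secret);
 local id_token = id_token_signer({
 iss = get_issuer();
 sub = url.build({ scheme = "xmpp"; path = user_jid });
 aud = params.client_id;
-auth_time = auth_state.user.auth_time;
+auth_time = auth_state.user.iat;
 nonce = params.nonce;
 amr = auth_state.user.amr;
 });
 local response_type = params.response_type;
 local response_handler = response_type_handlers[response_type];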
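Review bot: At new line 971, `auth_time = auth_state.user.iat` makes the ID token's authentication time depend on an invariant the code does not state: that the user token is only ever minted at the moment of password authentication (new line 669), and that its signer always sets `iat`, which is not visible in these hunks. If the user token were ever re-issued without a fresh login, `auth_time` would move forward and overstate how recent the authentication was to relying parties that use it for `max_age` or re-authentication decisions; if `iat` were absent, the claim would presumably be dropped from the ID token without any error. I would record the invariant next to the assignment, e.g. `-- auth_time reuses the user token's iat; only valid while that token is minted solely at login`, and add a matching remark at line 669. Both hunks sit inside functions that begin and end outside the lines shown.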