Mercurial > prosody-modules
comparison mod_auth_oauth_external/mod_auth_oauth_external.lua @ 5435:b3e7886fea6a
mod_auth_oauth_external: Add setting for client_secret
Whether this is needed may vary by OAuth provider. Mastodon for example
requires it.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Mon, 08 May 2023 20:12:43 +0200 |
| parents | 92ad8f03f225 |
| children | e7d99bacd0e8 |
comparison
equal
deleted
inserted
replaced
| 5434:92ad8f03f225 | 5435:b3e7886fea6a |
|---|---|
| 14 local allow_plain = module:get_option_boolean("oauth_external_resource_owner_password", true); | 14 local allow_plain = module:get_option_boolean("oauth_external_resource_owner_password", true); |
| 15 | 15 |
| 16 -- XXX Hold up, does whatever done here even need any of these things? Are we | 16 -- XXX Hold up, does whatever done here even need any of these things? Are we |
| 17 -- the OAuth client? Is the XMPP client the OAuth client? What are we??? | 17 -- the OAuth client? Is the XMPP client the OAuth client? What are we??? |
| 18 local client_id = module:get_option_string("oauth_external_client_id"); | 18 local client_id = module:get_option_string("oauth_external_client_id"); |
| 19 -- TODO -- local client_secret = module:get_option_string("oauth_external_client_secret"); | 19 local client_secret = module:get_option_string("oauth_external_client_secret"); |
| 20 | 20 |
| 21 --[[ More or less required endpoints | 21 --[[ More or less required endpoints |
| 22 digraph "oauth endpoints" { | 22 digraph "oauth endpoints" { |
| 23 issuer -> discovery -> { registration validation } | 23 issuer -> discovery -> { registration validation } |
| 24 registration -> { client_id client_secret } | 24 registration -> { client_id client_secret } |
| 39 local tok, err = async.wait_for(self.profile.http_client:request(token_endpoint, { | 39 local tok, err = async.wait_for(self.profile.http_client:request(token_endpoint, { |
| 40 headers = { ["Content-Type"] = "application/x-www-form-urlencoded; charset=utf-8"; ["Accept"] = "application/json" }; | 40 headers = { ["Content-Type"] = "application/x-www-form-urlencoded; charset=utf-8"; ["Accept"] = "application/json" }; |
| 41 body = http.formencode({ | 41 body = http.formencode({ |
| 42 grant_type = "password"; | 42 grant_type = "password"; |
| 43 client_id = client_id; | 43 client_id = client_id; |
| 44 client_secret = client_secret; | |
| 44 username = map_username(username, realm); | 45 username = map_username(username, realm); |
| 45 password = password; | 46 password = password; |
| 46 scope = "openid"; | 47 scope = "openid"; |
| 47 }); | 48 }); |
| 48 })) | 49 })) |