comparison mod_auth_oauth_external/mod_auth_oauth_external.lua @ 5435:b3e7886fea6a

mod_auth_oauth_external: Add setting for client_secret

Whether this is needed may vary by OAuth provider. Mastodon, for example, requires it.
author Kim Alvefur <zash@zash.se>
date Mon, 08 May 2023 20:12:43 +0200
parents 92ad8f03f225
children e7d99bacd0e8
5434:92ad8f03f225 5435:b3e7886fea6a
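--- a/mod_auth_oauth_external/mod_auth_oauth_external.lua
+++ b/mod_auth_oauth_external/mod_auth_oauth_external.lua
@@ -14,11 +14,11 @@
 local allow_plain = module:get_option_boolean("oauth_external_resource_owner_password", true);
 
 -- XXX Hold up, does whatever done here even need any of these things? Are we
 -- the OAuth client? Is the XMPP client the OAuth client? What are we???
 local client_id = module:get_option_string("oauth_external_client_id");
--- TODO -- local client_secret = module:get_option_string("oauth_external_client_secret");
+local client_secret = module:get_option_string("oauth_external_client_secret");
 
 --[[ More or less required endpoints
 digraph "oauth endpoints" {
 issuer -> discovery -> { registration validation }
 registration -> { client_id client_secret }
@@ -39,10 +39,11 @@
 local tok, err = async.wait_for(self.profile.http_client:request(token_endpoint, {
 headers = { ["Content-Type"] = "application/x-www-form-urlencoded; charset=utf-8"; ["Accept"] = "application/json" };
 body = http.formencode({
 grant_type = "password";
 client_id = client_id;
+client_secret = client_secret;
 username = map_username(username, realm);
 password = password;
 scope = "openid";
 });
 }))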
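Review bot: Nothing documents that `oauth_external_client_secret` is optional, so a reader of the new line 19 cannot tell whether an unset secret is a misconfiguration or a supported mode; because a nil value creates no table entry, the new `client_secret = client_secret;` field at line 44 then silently drops out of the form body rather than failing loudly. A one-line comment above the option, `-- Optional: some providers (e.g. Mastodon) require it for the password grant; when unset, the field is omitted from the token request.`, would make that contract explicit and also partly answers the XXX question left standing on lines 16-17. Sending the secret in the form body is the client_secret_post method of RFC 6749 §2.3.1; providers that only accept client_secret_basic expect it in an Authorization header instead, which this change does not offer, so the supported method is worth stating in the same comment. The request expression in the second hunk sits inside a method (it reads `self`) whose header starts before line 39 and whose body continues past line 49.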