comparison mod_http_oauth2/mod_http_oauth2.lua @ 5665:bbde136a4c29

mod_http_oauth2: Include 'amr' claim in ID Token This essentially just says "password authentication was used". This field could later be used to indicate whether e.g. MFA was used.
author Kim Alvefur <zash@zash.se>
date Thu, 28 Sep 2023 16:38:29 +0200
parents d67980d9e12d
children b43c989fb69c
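--- a/mod_http_oauth2/mod_http_oauth2.lua
+++ b/mod_http_oauth2/mod_http_oauth2.lua
@@ -637,11 +637,11 @@
 end
 return {
 user = {
 username = username;
 host = module.host;
-token = new_user_token({ username = username; host = module.host; auth_time = os.time() });
+token = new_user_token({ username = username; host = module.host; auth_time = os.time(); amr = { "pwd" } });
 };
 };
 elseif form.user_token and form.consent then
 -- Second step: consent
 local ok, user = verify_user_token(form.user_token);
@@ -923,10 +923,11 @@
 iss = get_issuer();
 sub = url.build({ scheme = "xmpp"; path = user_jid });
 aud = params.client_id;
 auth_time = auth_state.user.auth_time;
 nonce = params.nonce;
+amr = auth_state.user.amr;
 });
 local response_type = params.response_type;
 local response_handler = response_type_handlers[response_type];
 if not response_handler then
 return error_response(request, redirect_uri, oauth_error("unsupported_response_type"));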
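Review bot: The `amr` value is hard-coded as `{ "pwd" }` at the `new_user_token` call in the first hunk and copied unchecked into the ID Token by `amr = auth_state.user.amr;` in the second, and neither site documents where the value comes from or what a relying party may conclude from it. A comment at the first site, e.g. `-- amr values per RFC 8176; "pwd" = password-based authentication`, would make it clear that a later MFA path has to derive the list from the factors actually verified rather than extend the literal. At the second site, a user token that carries no `amr` (presumably any issued before this change) yields nil, so the claim is most likely just omitted; a note such as `-- amr may be absent for older user tokens; absence says nothing about the method used` would make that explicit. Since the value travels inside the user token that returns through `form.user_token`, it is only as trustworthy as `verify_user_token`, which is worth stating once a client starts basing step-up decisions on it. Both hunks are cut from larger functions whose start and end lie outside the view.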