Mercurial > prosody-modules
comparison mod_http_oauth2/mod_http_oauth2.lua @ 5207:c72e3b0914e8
mod_http_oauth: Factor out issuer URL calculation to a helper function
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Mon, 06 Mar 2023 09:40:17 +0000 |
| parents | 31c62df82aa8 |
| children | aaa64c647e12 |
comparison
equal
deleted
inserted
replaced
| 5206:31c62df82aa8 | 5207:c72e3b0914e8 |
|---|---|
| 64 k, code = codes:tail(); | 64 k, code = codes:tail(); |
| 65 end | 65 end |
| 66 return code and code_expires_in(code) + 1 or 900; | 66 return code and code_expires_in(code) + 1 or 900; |
| 67 end) | 67 end) |
| 68 | 68 |
| 69 local function get_issuer() | |
| 70 return (module:http_url(nil, "/"):gsub("/$", "")); | |
| 71 end | |
| 72 | |
| 69 local function oauth_error(err_name, err_desc) | 73 local function oauth_error(err_name, err_desc) |
| 70 return errors.new({ | 74 return errors.new({ |
| 71 type = "modify"; | 75 type = "modify"; |
| 72 condition = "bad-request"; | 76 condition = "bad-request"; |
| 73 code = err_name == "invalid_client" and 401 or 400; | 77 code = err_name == "invalid_client" and 401 or 400; |
| 157 local redirect = url.parse(redirect_uri); | 161 local redirect = url.parse(redirect_uri); |
| 158 | 162 |
| 159 local query = http.formdecode(redirect.query or ""); | 163 local query = http.formdecode(redirect.query or ""); |
| 160 if type(query) ~= "table" then query = {}; end | 164 if type(query) ~= "table" then query = {}; end |
| 161 table.insert(query, { name = "code", value = code }); | 165 table.insert(query, { name = "code", value = code }); |
| 162 table.insert(query, { name = "iss", value = module:http_url(nil, "/"):gsub("/$", "") }); | 166 table.insert(query, { name = "iss", value = get_issuer() }); |
| 163 if params.state then | 167 if params.state then |
| 164 table.insert(query, { name = "state", value = params.state }); | 168 table.insert(query, { name = "state", value = params.state }); |
| 165 end | 169 end |
| 166 redirect.query = http.formencode(query); | 170 redirect.query = http.formencode(query); |
| 167 | 171 |
| 472 default_path = "/.well-known/oauth-authorization-server"; | 476 default_path = "/.well-known/oauth-authorization-server"; |
| 473 route = { | 477 route = { |
| 474 ["GET"] = { | 478 ["GET"] = { |
| 475 headers = { content_type = "application/json" }; | 479 headers = { content_type = "application/json" }; |
| 476 body = json.encode { | 480 body = json.encode { |
| 477 issuer = module:http_url(nil, "/"):gsub("/$", ""); | 481 issuer = get_issuer(); |
| 478 authorization_endpoint = handle_authorization_request and module:http_url() .. "/authorize" or nil; | 482 authorization_endpoint = handle_authorization_request and module:http_url() .. "/authorize" or nil; |
| 479 token_endpoint = handle_token_grant and module:http_url() .. "/token" or nil; | 483 token_endpoint = handle_token_grant and module:http_url() .. "/token" or nil; |
| 480 jwks_uri = nil; -- TODO? | 484 jwks_uri = nil; -- TODO? |
| 481 registration_endpoint = handle_register_request and module:http_url() .. "/register" or nil; | 485 registration_endpoint = handle_register_request and module:http_url() .. "/register" or nil; |
| 482 scopes_supported = usermanager.get_all_roles and array(it.keys(usermanager.get_all_roles(module.host))) | 486 scopes_supported = usermanager.get_all_roles and array(it.keys(usermanager.get_all_roles(module.host))) |