comparison mod_http_oauth2/mod_http_oauth2.lua @ 5207:c72e3b0914e8

mod_http_oauth: Factor out issuer URL calculation to a helper function
author Matthew Wild <mwild1@gmail.com>
date Mon, 06 Mar 2023 09:40:17 +0000
parents 31c62df82aa8
children aaa64c647e12
64 k, code = codes:tail(); 64 k, code = codes:tail();
65 end 65 end
66 return code and code_expires_in(code) + 1 or 900; 66 return code and code_expires_in(code) + 1 or 900;
67 end) 67 end)
68 68
69 local function get_issuer()
70 return (module:http_url(nil, "/"):gsub("/$", ""));
71 end
72
69 local function oauth_error(err_name, err_desc) 73 local function oauth_error(err_name, err_desc)
70 return errors.new({ 74 return errors.new({
71 type = "modify"; 75 type = "modify";
72 condition = "bad-request"; 76 condition = "bad-request";
73 code = err_name == "invalid_client" and 401 or 400; 77 code = err_name == "invalid_client" and 401 or 400;
157 local redirect = url.parse(redirect_uri); 161 local redirect = url.parse(redirect_uri);
158 162
159 local query = http.formdecode(redirect.query or ""); 163 local query = http.formdecode(redirect.query or "");
160 if type(query) ~= "table" then query = {}; end 164 if type(query) ~= "table" then query = {}; end
161 table.insert(query, { name = "code", value = code }); 165 table.insert(query, { name = "code", value = code });
162 table.insert(query, { name = "iss", value = module:http_url(nil, "/"):gsub("/$", "") }); 166 table.insert(query, { name = "iss", value = get_issuer() });
163 if params.state then 167 if params.state then
164 table.insert(query, { name = "state", value = params.state }); 168 table.insert(query, { name = "state", value = params.state });
165 end 169 end
166 redirect.query = http.formencode(query); 170 redirect.query = http.formencode(query);
167 171
472 default_path = "/.well-known/oauth-authorization-server"; 476 default_path = "/.well-known/oauth-authorization-server";
473 route = { 477 route = {
474 ["GET"] = { 478 ["GET"] = {
475 headers = { content_type = "application/json" }; 479 headers = { content_type = "application/json" };
476 body = json.encode { 480 body = json.encode {
477 issuer = module:http_url(nil, "/"):gsub("/$", ""); 481 issuer = get_issuer();
478 authorization_endpoint = handle_authorization_request and module:http_url() .. "/authorize" or nil; 482 authorization_endpoint = handle_authorization_request and module:http_url() .. "/authorize" or nil;
479 token_endpoint = handle_token_grant and module:http_url() .. "/token" or nil; 483 token_endpoint = handle_token_grant and module:http_url() .. "/token" or nil;
480 jwks_uri = nil; -- TODO? 484 jwks_uri = nil; -- TODO?
481 registration_endpoint = handle_register_request and module:http_url() .. "/register" or nil; 485 registration_endpoint = handle_register_request and module:http_url() .. "/register" or nil;
482 scopes_supported = usermanager.get_all_roles and array(it.keys(usermanager.get_all_roles(module.host))) 486 scopes_supported = usermanager.get_all_roles and array(it.keys(usermanager.get_all_roles(module.host)))
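Review bot: `get_issuer` at new line 69 carries no comment saying that it is now the single source of the issuer string for both the `iss` parameter added to the authorization redirect (new line 166, RFC 9207) and the `issuer` field of the `/.well-known/oauth-authorization-server` metadata (new line 481, RFC 8414), which clients compare byte-for-byte to bind a response to this server. I would add above it `-- Canonical issuer identifier: advertised in the AS metadata and echoed as the` `-- "iss" redirect parameter, so both must go through this helper to stay identical.` The enclosing parentheses also deserve a note such as `-- outer parentheses drop gsub's substitution count`, because without them a caller that forwards the result would receive a second value. The pattern `"/$"` strips exactly one trailing slash, the same as the previous inline expression, so behaviour is unchanged.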