Mercurial > prosody-modules
comparison mod_http_oauth2/mod_http_oauth2.lua @ 5207:c72e3b0914e8
mod_http_oauth: Factor out issuer URL calculation to a helper function
author | Matthew Wild <mwild1@gmail.com> |
---|---|
date | Mon, 06 Mar 2023 09:40:17 +0000 |
parents | 31c62df82aa8 |
children | aaa64c647e12 |
comparison
equal
deleted
inserted
replaced
5206:31c62df82aa8 | 5207:c72e3b0914e8 |
---|---|
64 k, code = codes:tail(); | 64 k, code = codes:tail(); |
65 end | 65 end |
66 return code and code_expires_in(code) + 1 or 900; | 66 return code and code_expires_in(code) + 1 or 900; |
67 end) | 67 end) |
68 | 68 |
69 local function get_issuer() | |
70 return (module:http_url(nil, "/"):gsub("/$", "")); | |
71 end | |
72 | |
69 local function oauth_error(err_name, err_desc) | 73 local function oauth_error(err_name, err_desc) |
70 return errors.new({ | 74 return errors.new({ |
71 type = "modify"; | 75 type = "modify"; |
72 condition = "bad-request"; | 76 condition = "bad-request"; |
73 code = err_name == "invalid_client" and 401 or 400; | 77 code = err_name == "invalid_client" and 401 or 400; |
157 local redirect = url.parse(redirect_uri); | 161 local redirect = url.parse(redirect_uri); |
158 | 162 |
159 local query = http.formdecode(redirect.query or ""); | 163 local query = http.formdecode(redirect.query or ""); |
160 if type(query) ~= "table" then query = {}; end | 164 if type(query) ~= "table" then query = {}; end |
161 table.insert(query, { name = "code", value = code }); | 165 table.insert(query, { name = "code", value = code }); |
162 table.insert(query, { name = "iss", value = module:http_url(nil, "/"):gsub("/$", "") }); | 166 table.insert(query, { name = "iss", value = get_issuer() }); |
163 if params.state then | 167 if params.state then |
164 table.insert(query, { name = "state", value = params.state }); | 168 table.insert(query, { name = "state", value = params.state }); |
165 end | 169 end |
166 redirect.query = http.formencode(query); | 170 redirect.query = http.formencode(query); |
167 | 171 |
472 default_path = "/.well-known/oauth-authorization-server"; | 476 default_path = "/.well-known/oauth-authorization-server"; |
473 route = { | 477 route = { |
474 ["GET"] = { | 478 ["GET"] = { |
475 headers = { content_type = "application/json" }; | 479 headers = { content_type = "application/json" }; |
476 body = json.encode { | 480 body = json.encode { |
477 issuer = module:http_url(nil, "/"):gsub("/$", ""); | 481 issuer = get_issuer(); |
478 authorization_endpoint = handle_authorization_request and module:http_url() .. "/authorize" or nil; | 482 authorization_endpoint = handle_authorization_request and module:http_url() .. "/authorize" or nil; |
479 token_endpoint = handle_token_grant and module:http_url() .. "/token" or nil; | 483 token_endpoint = handle_token_grant and module:http_url() .. "/token" or nil; |
480 jwks_uri = nil; -- TODO? | 484 jwks_uri = nil; -- TODO? |
481 registration_endpoint = handle_register_request and module:http_url() .. "/register" or nil; | 485 registration_endpoint = handle_register_request and module:http_url() .. "/register" or nil; |
482 scopes_supported = usermanager.get_all_roles and array(it.keys(usermanager.get_all_roles(module.host))) | 486 scopes_supported = usermanager.get_all_roles and array(it.keys(usermanager.get_all_roles(module.host))) |