comparison mod_http_oauth2/mod_http_oauth2.lua @ 5450:d2594bbf7c36
mod_http_oauth2: Scope FIXMEs
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Thu, 11 May 2023 21:43:23 +0200 |
parents | 9c19a6b8e542 |
children | 6705f2a09702 |
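--- a/mod_http_oauth2/mod_http_oauth2.lua
+++ b/mod_http_oauth2/mod_http_oauth2.lua
@@ -366,10 +366,11 @@
 function grant_type_handlers.authorization_code(params)
 if not params.client_id then return oauth_error("invalid_request", "missing 'client_id'"); end
 if not params.client_secret then return oauth_error("invalid_request", "missing 'client_secret'"); end
 if not params.code then return oauth_error("invalid_request", "missing 'code'"); end
 if params.scope and params.scope ~= "" then
+-- FIXME allow a subset of granted scopes
 return oauth_error("invalid_scope", "unknown scope requested");
 end
 
 local client_ok, client = jwt_verify(params.client_id);
 if not client_ok then
@@ -542,10 +543,11 @@
 function grant_type_handlers.password(params)
 local request_jid = assert(params.username, oauth_error("invalid_request", "missing 'username' (JID)"));
 local request_password = assert(params.password, oauth_error("invalid_request", "missing 'password'"));
 local request_username, request_host, request_resource = jid.prepped_split(request_jid);
 if params.scope then
+-- TODO shouldn't we support scopes / roles here?
 return oauth_error("invalid_scope", "unknown scope requested");
 end
 if not request_host or request_host ~= module.host then
 return oauth_error("invalid_request", "invalid JID");
 end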
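Review bot: The new TODO at line 548 in grant_type_handlers.password annotates a guard that is stricter than its sibling: `if params.scope then` rejects even an empty `scope=` parameter, while authorization_code (line 370) uses `if params.scope and params.scope ~= "" then` and lets an empty value through. Both paths fail closed with `invalid_scope`, which is the safe default until scope handling exists, but the difference looks unintentional; consider aligning the password guard to `if params.scope and params.scope ~= "" then`. The comments could also record the invariant the eventual fix must keep, e.g. `-- FIXME allow a subset of granted scopes; never issue a scope the original grant did not include`. Both function bodies continue outside the visible hunks.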