Mercurial > prosody-modules
comparison mod_http_oauth2/mod_http_oauth2.lua @ 5450:d2594bbf7c36
mod_http_oauth2: Scope FIXMEs
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Thu, 11 May 2023 21:43:23 +0200 |
| parents | 9c19a6b8e542 |
| children | 6705f2a09702 |
comparison
equal
deleted
inserted
replaced
| 5449:9c19a6b8e542 | 5450:d2594bbf7c36 |
|---|---|
| 366 function grant_type_handlers.authorization_code(params) | 366 function grant_type_handlers.authorization_code(params) |
| 367 if not params.client_id then return oauth_error("invalid_request", "missing 'client_id'"); end | 367 if not params.client_id then return oauth_error("invalid_request", "missing 'client_id'"); end |
| 368 if not params.client_secret then return oauth_error("invalid_request", "missing 'client_secret'"); end | 368 if not params.client_secret then return oauth_error("invalid_request", "missing 'client_secret'"); end |
| 369 if not params.code then return oauth_error("invalid_request", "missing 'code'"); end | 369 if not params.code then return oauth_error("invalid_request", "missing 'code'"); end |
| 370 if params.scope and params.scope ~= "" then | 370 if params.scope and params.scope ~= "" then |
| 371 -- FIXME allow a subset of granted scopes | |
| 371 return oauth_error("invalid_scope", "unknown scope requested"); | 372 return oauth_error("invalid_scope", "unknown scope requested"); |
| 372 end | 373 end |
| 373 | 374 |
| 374 local client_ok, client = jwt_verify(params.client_id); | 375 local client_ok, client = jwt_verify(params.client_id); |
| 375 if not client_ok then | 376 if not client_ok then |
| 542 function grant_type_handlers.password(params) | 543 function grant_type_handlers.password(params) |
| 543 local request_jid = assert(params.username, oauth_error("invalid_request", "missing 'username' (JID)")); | 544 local request_jid = assert(params.username, oauth_error("invalid_request", "missing 'username' (JID)")); |
| 544 local request_password = assert(params.password, oauth_error("invalid_request", "missing 'password'")); | 545 local request_password = assert(params.password, oauth_error("invalid_request", "missing 'password'")); |
| 545 local request_username, request_host, request_resource = jid.prepped_split(request_jid); | 546 local request_username, request_host, request_resource = jid.prepped_split(request_jid); |
| 546 if params.scope then | 547 if params.scope then |
| 548 -- TODO shouldn't we support scopes / roles here? | |
| 547 return oauth_error("invalid_scope", "unknown scope requested"); | 549 return oauth_error("invalid_scope", "unknown scope requested"); |
| 548 end | 550 end |
| 549 if not request_host or request_host ~= module.host then | 551 if not request_host or request_host ~= module.host then |
| 550 return oauth_error("invalid_request", "invalid JID"); | 552 return oauth_error("invalid_request", "invalid JID"); |
| 551 end | 553 end |