comparison mod_http_oauth2/mod_http_oauth2.lua @ 5280:eb482defd9b0
mod_http_oauth2: Update to use new API of Prosody mod_tokenauth @ 601d9a375b86
author | Matthew Wild <mwild1@gmail.com> |
date | Mon, 27 Mar 2023 18:51:12 +0100 |
parents | 2b858cccac8f |
children | 53c6f49dcbb8 |
163 if next(token_data) == nil then | 163 if next(token_data) == nil then |
164 token_data = nil; | 164 token_data = nil; |
165 end | 165 end |
166 | 166 |
167 local refresh_token; | 167 local refresh_token; |
168 local access_token, access_token_info | 168 local grant = refresh_token_info and refresh_token_info.grant; |
169 -- No existing refresh token, and we're issuing a time-limited access token? | 169 if not grant then |
170 -- Create a refresh token (unless refresh_token_info == false) | 170 -- No existing grant, create one |
171 if refresh_token_info == false or not default_access_ttl then | 171 grant = tokens.create_grant(token_jid, token_jid, default_refresh_ttl, token_data); |
172 -- Caller does not want a refresh token, or access tokens are not configured to expire | 172 -- Create refresh token for the grant if desired |
173 -- So, just create a standalone access token | 173 refresh_token = refresh_token_info ~= false and tokens.create_token(token_jid, grant, nil, nil, "oauth2-refresh"); |
174 access_token, access_token_info = tokens.create_jid_token(token_jid, token_jid, role, default_access_ttl, token_data, "oauth2"); | |
175 else | 174 else |
176 -- We're issuing both a refresh and an access token | 175 -- Grant exists, reuse existing refresh token |
177 if not refresh_token_info then | 176 refresh_token = refresh_token_info.token; |
178 refresh_token, refresh_token_info = tokens.create_jid_token(token_jid, token_jid, role, default_refresh_ttl, token_data, "oauth2-refresh"); | 177 end |
179 else | 178 |
180 refresh_token = refresh_token_info.token; | 179 local access_token, access_token_info = tokens.create_token(token_jid, grant, role, default_access_ttl, "oauth2"); |
181 end | 180 |
182 access_token, access_token_info = tokens.create_sub_token(token_jid, refresh_token_info.id, role, default_access_ttl, token_data, "oauth2"); | |
183 end | |
184 local expires_at = access_token_info.expires; | 181 local expires_at = access_token_info.expires; |
185 return { | 182 return { |
186 token_type = "bearer"; | 183 token_type = "bearer"; |
187 access_token = access_token; | 184 access_token = access_token; |
188 expires_in = expires_at and (expires_at - os.time()) or nil; | 185 expires_in = expires_at and (expires_at - os.time()) or nil; |
189 scope = scope_string; | 186 scope = scope_string; |
190 id_token = id_token; | 187 id_token = id_token; |
191 refresh_token = refresh_token; | 188 refresh_token = refresh_token or nil; |
192 }; | 189 }; |
193 end | 190 end |
194 | 191 |
195 local function get_redirect_uri(client, query_redirect_uri) -- record client, string : string | 192 local function get_redirect_uri(client, query_redirect_uri) -- record client, string : string |
196 if not query_redirect_uri then | 193 if not query_redirect_uri then |
364 end | 361 end |
365 | 362 |
366 -- new_access_token() requires the actual token | 363 -- new_access_token() requires the actual token |
367 refresh_token_info.token = params.refresh_token; | 364 refresh_token_info.token = params.refresh_token; |
368 | 365 |
369 return json.encode(new_access_token(token_info.jid, token_info.role, token_info.data.oauth2_scopes, client, nil, token_info)); | 366 return json.encode(new_access_token( |
367 refresh_token_info.jid, refresh_token_info.role, refresh_token_info.data.oauth2_scopes, client, nil, refresh_token_info | |
368 )); | |
370 end | 369 end |
371 | 370 |
372 -- Used to issue/verify short-lived tokens for the authorization process below | 371 -- Used to issue/verify short-lived tokens for the authorization process below |
373 local new_user_token, verify_user_token = jwt.init("HS256", random.bytes(32), nil, { default_ttl = 600 }); | 372 local new_user_token, verify_user_token = jwt.init("HS256", random.bytes(32), nil, { default_ttl = 600 }); |
374 | 373 |
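Review bot: A grant is now created at new line 171 even when the caller passed refresh_token_info == false, so a record with a default_refresh_ttl lifetime is persisted although no refresh token exists to exercise it; the old branch issued a standalone access token in that case. Unless mod_tokenauth reaps grants that have no tokens (not visible here), bounding the grant to the access-token lifetime in that case keeps stored state minimal and matches the previous behaviour: `local grant_ttl = refresh_token_info == false and default_access_ttl or default_refresh_ttl;` followed by `grant = tokens.create_grant(token_jid, token_jid, grant_ttl, token_data);` (a nil default_access_ttl still yields a non-expiring grant, as the old standalone token did). Relatedly, token_data now travels in the grant rather than the token, so it should be confirmed that the new API still populates refresh_token_info.data, otherwise `refresh_token_info.data.oauth2_scopes` at new line 367 raises on a nil index; a guard such as `local data = refresh_token_info.data or {};` and passing `data.oauth2_scopes` would turn that into a well-defined nil scope instead of an unhandled error. Both enclosing functions start before their hunks (new_access_token before line 163, the function containing the refresh flow before line 361), so the callers' expectations about a false/nil refresh_token could not be checked here.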