Mercurial > prosody-modules
diff mod_http_oauth2/mod_http_oauth2.lua @ 5510:a49d73e4262e
mod_http_oauth2: Add client verification wrapper function
Fixes the weird ok, data return format from util.jit, but the real
reason is to add some preparation steps here.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Fri, 02 Jun 2023 10:12:46 +0200 |
parents | ae007be8a6bd |
children | 0860497152af |
line wrap: on
line diff
--- a/mod_http_oauth2/mod_http_oauth2.lua Fri Jun 02 08:59:59 2023 +0200 +++ b/mod_http_oauth2/mod_http_oauth2.lua Fri Jun 02 10:12:46 2023 +0200 @@ -97,6 +97,17 @@ sign_client, verify_client = jwt.init(registration_algo, registration_key, registration_key, registration_options); end +-- verify and prepare client structure +local function check_client(client_id) + if not verify_client then + return nil, "client-registration-not-enabled"; + end + + local ok, client = verify_client(client_id); + if not ok then return ok, client; end + return client; +end + -- scope : string | array | set -- -- at each step, allow the same or a subset of scopes @@ -409,8 +420,8 @@ return oauth_error("invalid_scope", "unknown scope requested"); end - local client_ok, client = verify_client(params.client_id); - if not client_ok then + local client = check_client(params.client_id); + if not client then return oauth_error("invalid_client", "incorrect credentials"); end @@ -444,8 +455,8 @@ if not params.client_secret then return oauth_error("invalid_request", "missing 'client_secret'"); end if not params.refresh_token then return oauth_error("invalid_request", "missing 'refresh_token'"); end - local client_ok, client = verify_client(params.client_id); - if not client_ok then + local client = check_client(params.client_id); + if not client then return oauth_error("invalid_client", "incorrect credentials"); end @@ -704,9 +715,9 @@ return render_error(oauth_error("invalid_request", "Missing 'client_id' parameter")); end - local ok, client = verify_client(params.client_id); + local client = check_client(params.client_id); - if not ok then + if not client then return render_error(oauth_error("invalid_request", "Invalid 'client_id' parameter")); end