diff mod_auth_oauth_external/mod_auth_oauth_external.lua @ 5435:b3e7886fea6a

mod_auth_oauth_external: Add setting for client_secret Whether this is needed may vary by OAuth provider. Mastodon for example requires it.
author Kim Alvefur <zash@zash.se>
date Mon, 08 May 2023 20:12:43 +0200
parents 92ad8f03f225
children e7d99bacd0e8
line wrap: on
line diff
--- a/mod_auth_oauth_external/mod_auth_oauth_external.lua	Mon May 08 20:01:34 2023 +0200
+++ b/mod_auth_oauth_external/mod_auth_oauth_external.lua	Mon May 08 20:12:43 2023 +0200
@@ -16,7 +16,7 @@
 -- XXX Hold up, does whatever done here even need any of these things? Are we
 -- the OAuth client? Is the XMPP client the OAuth client? What are we???
 local client_id = module:get_option_string("oauth_external_client_id");
--- TODO -- local client_secret = module:get_option_string("oauth_external_client_secret");
+local client_secret = module:get_option_string("oauth_external_client_secret");
 
 --[[ More or less required endpoints
 digraph "oauth endpoints" {
@@ -41,6 +41,7 @@
 				body = http.formencode({
 					grant_type = "password";
 					client_id = client_id;
+					client_secret = client_secret;
 					username = map_username(username, realm);
 					password = password;
 					scope = "openid";