diff mod_http_oauth2/mod_http_oauth2.lua @ 5280:eb482defd9b0
mod_http_oauth2: Update to use new API of Prosody mod_tokenauth @ 601d9a375b86
author | Matthew Wild <mwild1@gmail.com> |
date | Mon, 27 Mar 2023 18:51:12 +0100 |
parents | 2b858cccac8f |
children | 53c6f49dcbb8 |
--- a/mod_http_oauth2/mod_http_oauth2.lua Fri Mar 24 14:29:07 2023 +0000 +++ b/mod_http_oauth2/mod_http_oauth2.lua Mon Mar 27 18:51:12 2023 +0100 @@ -165,22 +165,19 @@ end local refresh_token; - local access_token, access_token_info - -- No existing refresh token, and we're issuing a time-limited access token? - -- Create a refresh token (unless refresh_token_info == false) - if refresh_token_info == false or not default_access_ttl then - -- Caller does not want a refresh token, or access tokens are not configured to expire - -- So, just create a standalone access token - access_token, access_token_info = tokens.create_jid_token(token_jid, token_jid, role, default_access_ttl, token_data, "oauth2"); + local grant = refresh_token_info and refresh_token_info.grant; + if not grant then + -- No existing grant, create one + grant = tokens.create_grant(token_jid, token_jid, default_refresh_ttl, token_data); + -- Create refresh token for the grant if desired + refresh_token = refresh_token_info ~= false and tokens.create_token(token_jid, grant, nil, nil, "oauth2-refresh"); else - -- We're issuing both a refresh and an access token - if not refresh_token_info then - refresh_token, refresh_token_info = tokens.create_jid_token(token_jid, token_jid, role, default_refresh_ttl, token_data, "oauth2-refresh"); - else - refresh_token = refresh_token_info.token; - end - access_token, access_token_info = tokens.create_sub_token(token_jid, refresh_token_info.id, role, default_access_ttl, token_data, "oauth2"); + -- Grant exists, reuse existing refresh token + refresh_token = refresh_token_info.token; end + + local access_token, access_token_info = tokens.create_token(token_jid, grant, role, default_access_ttl, "oauth2"); + local expires_at = access_token_info.expires; return { token_type = "bearer"; 
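Review bot: The new-grant branch drops the old `not default_access_ttl` guard, so a refresh token is now minted even when access tokens are configured never to expire, and the refresh token itself is created with a nil TTL in `tokens.create_token(token_jid, grant, nil, nil, "oauth2-refresh")`, whose effective lifetime presumably comes from the grant's `default_refresh_ttl` — that depends on the new mod_tokenauth API, which is not visible here. If the old behaviour is still intended, `refresh_token = refresh_token_info ~= false and default_access_ttl and tokens.create_token(token_jid, grant, nil, nil, "oauth2-refresh");` restores it and still yields a falsy value that the `refresh_token or nil` in the response table drops. It is also worth a comment that `token_data` (the scopes) now lives only on the grant, since the access-token call no longer receives it and the existing-grant branch never updates it, so the refresh flow relies on `refresh_token_info.data` being populated from the grant. new_access_token starts before this hunk.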
@@ -188,7 +185,7 @@
 expires_in = expires_at and (expires_at - os.time()) or nil;
 scope = scope_string;
 id_token = id_token;
- refresh_token = refresh_token;
+ refresh_token = refresh_token or nil;
 };
 end
 
@@ -366,7 +363,9 @@
 
 -- new_access_token() requires the actual token
 refresh_token_info.token = params.refresh_token;
- return json.encode(new_access_token(token_info.jid, token_info.role, token_info.data.oauth2_scopes, client, nil, token_info));
+ return json.encode(new_access_token(
+ refresh_token_info.jid, refresh_token_info.role, refresh_token_info.data.oauth2_scopes, client, nil, refresh_token_info
+ ));
 end
 
 -- Used to issue/verify short-lived tokens for the authorization process below
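Review bot: The refresh handler stores the presented `params.refresh_token` in `refresh_token_info.token`, and new_access_token's existing-grant branch returns that same value, so a refresh never rotates the refresh token and the originally issued credential stays valid for the grant's whole lifetime. The OAuth 2.0 Security Best Current Practice recommends rotating refresh tokens on use (issue a new one, invalidate the presented one), at least for public clients; if that is deliberately out of scope for this API update, a comment such as `-- NOTE: the refresh token is reused as-is, not rotated on each refresh` at the assignment would document the decision. Nothing in this hunk checks that the presented refresh token was issued to this `client`, so confirm that binding is verified earlier in the handler before the token is redeemed. The enclosing handler starts before this hunk.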