Mercurial > prosody-modules
view mod_auth_pam/mod_auth_pam.lua @ 5255:001c8fdc91a4
mod_http_oauth2: Add support for the "openid" scope
This "openid" scope is there to signal access to the userinfo endpoint,
which is needed for OIDC support.
We don't actually check this later because the userinfo endpoint only
returns info embedded in the token itself, but in the future we may want
to check this more carefully.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Thu, 16 Mar 2023 17:06:35 +0100 |
parents | 57bb2497fadc |
children |
line wrap: on
line source
-- PAM authentication for Prosody -- Copyright (C) 2013 Kim Alvefur -- -- Requires https://github.com/devurandom/lua-pam -- and LuaPosix local posix = require "posix"; local pam = require "pam"; local new_sasl = require "util.sasl".new; function user_exists(username) return not not posix.getpasswd(username); end function test_password(username, password) local h, err = pam.start("xmpp", username, { function (t) if #t == 1 and t[1][1] == pam.PROMPT_ECHO_OFF then return { { password, 0} }; end end }); if h and h:authenticate() and h:endx(pam.SUCCESS) then return user_exists(username), true; end return nil, true; end function get_sasl_handler() return new_sasl(module.host, { plain_test = function(sasl, ...) return test_password(...) end }); end module:provides"auth";