Mercurial > prosody-modules
view mod_auth_token/mod_auth_token.lua @ 4270:243f7b0dbf35
mod_http_oauth2: Reduce authorization code validity time to 2 minutes
RFC 6749 states
> A maximum authorization code lifetime of 10 minutes is RECOMMENDED.
So 15 minutes was way too long. I was thinking 5 minutes at first but
since this should generally be instant, I settled on 2 minutes as a
large guesstimate on how slow it might be on slow links.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sun, 22 Nov 2020 18:46:25 +0100 |
| parents | 0fb12a4b6106 |
| children |
line wrap: on
line source
-- Copyright (C) 2018 Minddistrict -- -- This file is MIT/X11 licensed. -- local host = module.host; local log = module._log; local new_sasl = require "util.sasl".new; local usermanager = require "core.usermanager"; local verify_token = module:require "token_auth_utils".verify_token; local provider = {}; function provider.test_password(username, password) log("debug", "Testing signed OTP for user %s at host %s", username, host); return verify_token( username, password, module:get_option_string("otp_seed"), module:get_option_string("token_secret"), log ); end function provider.users() return function() return nil; end end function provider.set_password(username, password) return nil, "Changing passwords not supported"; end function provider.user_exists(username) return true; end function provider.create_user(username, password) return nil, "User creation not supported"; end function provider.delete_user(username) return nil , "User deletion not supported"; end function provider.get_sasl_handler() local supported_mechanisms = {}; supported_mechanisms["X-TOKEN"] = true; return new_sasl(host, { token = function(sasl, username, password, realm) return usermanager.test_password(username, realm, password), true; end, mechanisms = supported_mechanisms }); end module:provides("auth", provider);