mod_http_oauth2: Make note about handling repeated RFC 6749 states > If an authorization code is used more than once, the authorization > server MUST deny the request and SHOULD revoke (when possible) all > tokens previously issued based on that authorization code. We should follow the SHOULD. The MUST is already covered by removing the code state from the cache.

local actions = {};

function actions.auth(data)
	local user, host, pass = data:match("^([^:]+):([^:]+):(.+)$");
	if user == "someone" then
		return "1";
	end
end

for line in io.lines() do
	local action, data = line:match("^([^:]+)(.*)$");
	print(actions[action] and actions[action](data) or "0");
end