Mercurial > prosody-modules
view mod_s2s_whitelist/mod_s2s_whitelist.lua @ 5643:73c3d5bfce3e
mod_http_oauth2: Allow 'login_hint' as a substitute for OIDC 'select_account' prompt
If the OIDC 'prompt' parameter does not contain the 'select_account'
then it wants us to skip account selection, which means we have to
figure which account to authenticate somehow. One way could be have
this stored in a cookie from a previous successful login. Another way
would be to have the account passed as a hint, which is what we add
here.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Sat, 09 Sep 2023 21:42:24 +0200 |
parents | c1a8ce147885 |
children |
line wrap: on
line source
local st = require "util.stanza"; local whitelist = module:get_option_inherited_set("s2s_whitelist", {}); module:hook("route/remote", function (event) if not whitelist:contains(event.to_host) then module:send(st.error_reply(event.stanza, "cancel", "not-allowed", "Communication with this domain is restricted")); return true; end end, 100); module:hook("s2s-stream-features", function (event) if not whitelist:contains(event.origin.from_host) then event.origin:close({ condition = "policy-violation"; text = "Communication with this domain is restricted"; }); end end, 1000);