view mod_invites_tracking/mod_invites_tracking.lua @ 5796:93d6e9026c1b

mod_http_oauth2: Do not enforce PKCE on Device and OOB flows PKCE does not appear to be used with the Device flow. I have found no mention of any interaction between those standards. Since no data is delivered via redirects in these cases, PKCE may not serve any purpose. This is mostly a problem because we reuse the authorization code to implement the Device and OOB flows.
author Kim Alvefur <zash@zash.se>
date Fri, 15 Dec 2023 12:10:07 +0100
parents 32f1f18f4874
children cb3b2fbf57e7
line wrap: on
line source

local tracking_store = module:open_store("invites_tracking");

module:hook("user-registered", function(event)
	local validated_invite = event.validated_invite or (event.session and event.session.validated_invite);
	local new_username = event.username;

	local invite_id = nil;
	local invite_source = nil;
	if validated_invite then
		invite_source = validated_invite.additional_data and validated_invite.additional_data.source;
		invite_id = validated_invite.token;
	end

	tracking_store:set(new_username, {invite_id = validated_invite.token, invite_source = invite_source});
	module:log("debug", "recorded that invite from %s was used to create %s", invite_source, new_username)
end);

-- " " is an invalid localpart -> we can safely use it for store metadata
tracking_store:set(" ", {version="1"});