view mod_audit_auth/mod_audit_auth.lua @ 5447:aa4828f040c5

mod_http_oauth2: Enforce client scope restrictions in authorization When registering a client, a scope field can be included as a promise to only ever use those. Here we enforce that promise, if given, ensuring a client can't request or be granted a scope it didn't provide in its registration. While currently there is no restrictions at registration time, this could be changed in the future in various ways.
author Kim Alvefur <zash@zash.se>
date Thu, 11 May 2023 19:33:44 +0200
parents 08dea42a302a
children b357ff3d0c8a
line wrap: on
line source

module:depends("audit");
-- luacheck: read globals module.audit

module:hook("authentication-failure", function(event)
	local session = event.session;
	module:audit(session.sasl_handler.username, "authentication-failure", {
		session = session,
	});
end)

module:hook("authentication-success", function(event)
	local session = event.session;
	module:audit(session.sasl_handler.username, "authentication-success", {
		session = session,
	});
end)