Mercurial > prosody-modules
view mod_auth_custom_http/mod_auth_custom_http.lua @ 5406:b86d80e21c60
mod_http_oauth2: Validate consistency of response and grant types
Ensure that these correlated fields make sense per RFC 7591 ยง 2.1, even
though we currently only check the response type during authorization.
This could probably all be deleted if (when!) we remove the implicit
grant, since then these things don't make any sense anymore.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Tue, 02 May 2023 16:34:31 +0200 |
| parents | 32d7f05e062f |
| children |
line wrap: on
line source
-- Prosody IM -- Copyright (C) 2008-2010 Waqas Hussain -- -- This project is MIT/X11 licensed. Please see the -- COPYING file in the source package for more information. -- local new_sasl = require "util.sasl".new; local json = require "util.json"; prosody.unlock_globals(); local http = require "socket.http"; prosody.lock_globals(); local options = module:get_option("auth_custom_http"); local post_url = options and options.post_url; assert(post_url, "No HTTP POST URL provided"); local provider = {}; function provider.test_password(username, password) return nil, "Not supported" end function provider.get_password(username) return nil, "Not supported" end function provider.set_password(username, password) return nil, "Not supported" end function provider.user_exists(username) return true; end function provider.create_user(username, password) return nil, "Not supported" end function provider.delete_user(username) return nil, "Not supported" end function provider.get_sasl_handler() local getpass_authentication_profile = { plain_test = function(sasl, username, password, realm) local postdata = json.encode({ username = username, password = password }); local result = http.request(post_url, postdata); return result == "true", true; end, }; return new_sasl(module.host, getpass_authentication_profile); end module:provides("auth", provider);