# HG changeset patch
# User Kim Alvefur <zash@zash.se>
# Date 1683715145 -7200
# Node ID e7d99bacd0e8ab0aa4347d08e7f5bfa2e5dedc36
# Parent  b3e7886fea6a745b002dade9142113018e625e2d
mod_auth_oauth_external: Make 'scope' configurable in password grant request

Needed by some OAuth servers, tested here with Mastodon

diff -r b3e7886fea6a -r e7d99bacd0e8 mod_auth_oauth_external/README.md
--- a/mod_auth_oauth_external/README.md	Mon May 08 20:12:43 2023 +0200
+++ b/mod_auth_oauth_external/README.md	Wed May 10 12:39:05 2023 +0200
@@ -78,6 +78,10 @@
 :   String. Client secret used to identify Prosody during the resource
     owner password grant.
 
+`oauth_external_scope`
+:   String. Defaults to `"oauth"`. Included in request for resource
+    owner password grant.
+
 # Compatibility
 
 ## Prosody
diff -r b3e7886fea6a -r e7d99bacd0e8 mod_auth_oauth_external/mod_auth_oauth_external.lua
--- a/mod_auth_oauth_external/mod_auth_oauth_external.lua	Mon May 08 20:12:43 2023 +0200
+++ b/mod_auth_oauth_external/mod_auth_oauth_external.lua	Wed May 10 12:39:05 2023 +0200
@@ -17,6 +17,7 @@
 -- the OAuth client? Is the XMPP client the OAuth client? What are we???
 local client_id = module:get_option_string("oauth_external_client_id");
 local client_secret = module:get_option_string("oauth_external_client_secret");
+local scope = module:get_option_string("oauth_external_scope", "openid");
 
 --[[ More or less required endpoints
 digraph "oauth endpoints" {
@@ -44,7 +45,7 @@
 					client_secret = client_secret;
 					username = map_username(username, realm);
 					password = password;
-					scope = "openid";
+					scope = scope;
 				});
 			}))
 			if err or not (tok.code >= 200 and tok.code < 300) then