Mercurial > prosody-modules
changeset 5423:5b2352dda31f
mod_http_oauth2: Include all granted roles in scopes
The client is allowed to request a subset of granted scopes, so it makes
sense to record all granted roles so that another could be selected at
access token issuance.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Sun, 07 May 2023 19:06:37 +0200 |
parents | 72f23107beb4 |
children | b45d9a81b3da |
files | mod_http_oauth2/mod_http_oauth2.lua |
diffstat | 1 files changed, 6 insertions(+), 1 deletions(-) |
--- a/mod_http_oauth2/mod_http_oauth2.lua Sat May 06 17:06:13 2023 +0200 +++ b/mod_http_oauth2/mod_http_oauth2.lua Sun May 07 19:06:37 2023 +0200 @@ -137,8 +137,13 @@ granted_scopes = array(); end + if requested_roles then + granted_scopes:append(array.filter(requested_roles, function(role) + return can_assume_role(username, role) + end)); + end + local selected_role = select_role(username, requested_roles); - granted_scopes:push(selected_role); return granted_scopes:concat(" "), selected_role; end
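Review bot: With `granted_scopes:push(selected_role)` removed at the end of the hunk, roles are only added to the returned scope string inside the new `if requested_roles then` block, so a request that names no role gets back a `selected_role` that does not appear in the scopes returned alongside it. The same mismatch occurs if `select_role` can return a role outside `requested_roles`, for example a default when none of the requested roles passes `can_assume_role`. Consider appending `selected_role` when it is not already present in `granted_scopes`, or state explicitly that callers must treat the second return value as authoritative. A short comment above the new block saying that every assumable requested role is recorded so that a subset can be chosen at access token issuance would also help, since that reasoning currently lives only in the commit message.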