Mercurial > prosody-modules
changeset 5451:6705f2a09702
mod_http_oauth2: Reference grant by id instead of value
Fixes that the grant got mutated on use of refresh token, notably it
would gain 'id' and 'jid' properties set there by mod_tokenauth.
Previously also the secret token that we should not be remembering.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Fri, 12 May 2023 11:11:38 +0200 |
parents | d2594bbf7c36 |
children | b071d8ee6555 |
files | mod_http_oauth2/mod_http_oauth2.lua |
diffstat | 1 files changed, 1 insertions(+), 4 deletions(-) [+] |
line wrap: on
line diff
--- a/mod_http_oauth2/mod_http_oauth2.lua Thu May 11 21:43:23 2023 +0200 +++ b/mod_http_oauth2/mod_http_oauth2.lua Fri May 12 11:11:38 2023 +0200 @@ -216,12 +216,9 @@ else -- Grant exists, reuse existing refresh token refresh_token = refresh_token_info.token; - refresh_token_info.token = nil; -- Prevent persistence of *secret* token - - refresh_token_info.grant = nil; -- Prevent reference loop end - local access_token, access_token_info = tokens.create_token(token_jid, grant, role, default_access_ttl, "oauth2"); + local access_token, access_token_info = tokens.create_token(token_jid, grant.id, role, default_access_ttl, "oauth2"); local expires_at = access_token_info.expires; return {