changeset 5504:7d9dce4e7dd0

mod_groups_oidc: Expose groups to OAuth clients
author Kim Alvefur <zash@zash.se>
date Thu, 01 Jun 2023 18:32:59 +0200
parents 320593cf7d90
children efe9e741f222
files mod_groups_oidc/README.md mod_groups_oidc/mod_groups_oidc.lua
diffstat 2 files changed, 26 insertions(+), 0 deletions(-) [+]
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mod_groups_oidc/README.md	Thu Jun 01 18:32:59 2023 +0200
@@ -0,0 +1,11 @@
+---
+summary: OIDC group membership in UserInfo
+labels:
+- Stage-Alpha
+rockspec:
+  dependencies:
+  - mod_http_oauth2 >= 200
+---
+
+This module exposes [mod_groups_internal] groups to
+[OAuth 2.0][mod_http_oauth2] clients via a `groups` scope/claim.
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mod_groups_oidc/mod_groups_oidc.lua	Thu Jun 01 18:32:59 2023 +0200
@@ -0,0 +1,15 @@
+local array = require "util.array";
+
+module:add_item("openid-claim", "groups");
+
+local group_memberships = module:open_store("groups", "map");
+local function user_groups(username)
+	return pairs(group_memberships:get_all(username) or {});
+end
+
+module:hook("token/userinfo", function(event)
+	local userinfo = event.userinfo;
+	if event.claims:contains("groups") then
+		userinfo.groups = array(user_groups(event.username));
+	end
+end);
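Review bot: The `groups` claim is assembled from `pairs()` (the `user_groups` return at the `return pairs(...)` line, consumed by `array(...)` in the hook), so the order of group names in the UserInfo response is unspecified and may vary between calls for the same user; since clients and test fixtures often compare the claim value as a whole, sorting it first, `userinfo.groups = array(user_groups(event.username)):sort();`, would make the output deterministic. The `or {}` in `user_groups` also folds a storage failure (`nil, err` from `get_all`) into "no groups", so a backend error silently produces an empty `groups` claim rather than being logged; capturing the second return value and emitting a `module:log("warn", ...)` before falling back to `{}` keeps that distinguishable from a user with no memberships. A one-line comment on `user_groups` would help too, since it is not obvious from the call site that it returns the `pairs` iterator triple and that `array()` collects it — presumably into the group ids, i.e. the map keys; that depends on util.array's behaviour, which this hunk does not show. Whether the `"groups"` map store opened here is the same store written by mod_groups_internal cannot be confirmed from this change either.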