Mercurial > prosody-modules
changeset 5504:7d9dce4e7dd0
mod_groups_oidc: Expose groups to OAuth clients
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Thu, 01 Jun 2023 18:32:59 +0200 |
parents | 320593cf7d90 |
children | efe9e741f222 |
files | mod_groups_oidc/README.md mod_groups_oidc/mod_groups_oidc.lua |
diffstat | 2 files changed, 26 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/mod_groups_oidc/README.md Thu Jun 01 18:32:59 2023 +0200 @@ -0,0 +1,11 @@ +--- +summary: OIDC group membership in UserInfo +labels: +- Stage-Alpha +rockspec: + dependencies: + - mod_http_oauth2 >= 200 +--- + +This module exposes [mod_groups_internal] groups to +[OAuth 2.0][mod_http_oauth2] clients via a `groups` scope/claim.
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/mod_groups_oidc/mod_groups_oidc.lua Thu Jun 01 18:32:59 2023 +0200 @@ -0,0 +1,15 @@ +local array = require "util.array"; + +module:add_item("openid-claim", "groups"); + +local group_memberships = module:open_store("groups", "map"); +local function user_groups(username) + return pairs(group_memberships:get_all(username) or {}); +end + +module:hook("token/userinfo", function(event) + local userinfo = event.userinfo; + if event.claims:contains("groups") then + userinfo.groups = array(user_groups(event.username)); + end +end);