Mercurial > prosody-modules
changeset 5665:bbde136a4c29
mod_http_oauth2: Include 'amr' claim in ID Token
This essentially just says "password authentication was used". This
field could later be used to indicate whether e.g. MFA was used.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Thu, 28 Sep 2023 16:38:29 +0200 |
parents | 4b052598e435 |
children | e5ad3f1f48bd |
files | mod_http_oauth2/mod_http_oauth2.lua |
diffstat | 1 files changed, 2 insertions(+), 1 deletions(-) [+] |
line wrap: on
line diff
--- a/mod_http_oauth2/mod_http_oauth2.lua Thu Sep 21 18:47:27 2023 -0500 +++ b/mod_http_oauth2/mod_http_oauth2.lua Thu Sep 28 16:38:29 2023 +0200 @@ -639,7 +639,7 @@ user = { username = username; host = module.host; - token = new_user_token({ username = username; host = module.host; auth_time = os.time() }); + token = new_user_token({ username = username; host = module.host; auth_time = os.time(); amr = { "pwd" } }); }; }; elseif form.user_token and form.consent then @@ -925,6 +925,7 @@ aud = params.client_id; auth_time = auth_state.user.auth_time; nonce = params.nonce; + amr = auth_state.user.amr; }); local response_type = params.response_type; local response_handler = response_type_handlers[response_type];