Mercurial > prosody-modules
changeset 3920:cf92e3b30c18
mod_http_oauth2: Use component_secret setting as password on Components
Same setting as used by external components.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Thu, 27 Feb 2020 23:17:31 +0100 |
| parents | 8ed261a08a9c |
| children | 9eabd68b8e48 |
| files | mod_http_oauth2/mod_http_oauth2.lua |
| diffstat | 1 files changed, 21 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/mod_http_oauth2/mod_http_oauth2.lua Thu Feb 27 23:14:24 2020 +0100 +++ b/mod_http_oauth2/mod_http_oauth2.lua Thu Feb 27 23:17:31 2020 +0100 @@ -45,6 +45,27 @@ return oauth_error("invalid_grant", "incorrect credentials"); end +if module:get_host_type() == "component" then + local component_secret = assert(module:get_option_string("component_secret"), "'component_secret' is a required setting when loaded on a Component"); + + function grant_type_handlers.password(params) + local request_jid = assert(params.username, oauth_error("invalid_request", "missing 'username' (JID)")); + local request_password = assert(params.password, oauth_error("invalid_request", "missing 'password'")); + local request_username, request_host, request_resource = jid.prepped_split(request_jid); + if params.scope then + return oauth_error("invalid_scope", "unknown scope requested"); + end + if not request_host or request_host ~= module.host then + return oauth_error("invalid_request", "invalid JID"); + end + if request_password == component_secret then + local granted_jid = jid.join(request_username, request_host, request_resource); + return json.encode(new_access_token(granted_jid, request_host, nil, nil)); + end + return oauth_error("invalid_grant", "incorrect credentials"); + end +end + function handle_token_grant(event) local params = http.formdecode(event.request.body); if not params then