changeset 5346:d9bc8712a745
mod_auth_oauth_external: Allow setting identity instead of discovery URL
Shorter and the .well-known part is, well, well-known.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Thu, 16 Mar 2023 13:04:13 +0100 |
parents | 3390bb2f9f6c |
children | a0074038696f |
files | mod_auth_oauth_external/README.md mod_auth_oauth_external/mod_auth_oauth_external.lua |
diffstat | 2 files changed, 8 insertions(+), 3 deletions(-) [+] |
--- a/mod_auth_oauth_external/README.md Thu Mar 16 12:45:52 2023 +0100 +++ b/mod_auth_oauth_external/README.md Thu Mar 16 13:04:13 2023 +0100 @@ -20,11 +20,15 @@ # Configuration +`oauth_external_issuer` +: Optional URL string representing the Authorization server identity. + `oauth_external_discovery_url` : Optional URL string pointing to [OAuth 2.0 Authorization Server Metadata](https://oauth.net/2/authorization-server-metadata/). Lets clients discover where they should retrieve access tokens from if - they don't have one yet. + they don't have one yet. Default based on `oauth_external_issuer` is + set, otherwise empty. `oauth_external_validation_endpoint` : URL string. The token validation endpoint, should validate the token
--- a/mod_auth_oauth_external/mod_auth_oauth_external.lua Thu Mar 16 12:45:52 2023 +0100
+++ b/mod_auth_oauth_external/mod_auth_oauth_external.lua Thu Mar 16 13:04:13 2023 +0100
@@ -3,8 +3,9 @@
 local json = require "util.json";
 local sasl = require "util.sasl";
--- TODO -- local issuer_identity = module:get_option_string("oauth_external_issuer");
-local oidc_discovery_url = module:get_option_string("oauth_external_discovery_url")
+local issuer_identity = module:get_option_string("oauth_external_issuer");
+local oidc_discovery_url = module:get_option_string("oauth_external_discovery_url",
+ issuer_identity and issuer_identity .. "/.well-known/oauth-authorization-server" or nil);
 local validation_endpoint = module:get_option_string("oauth_external_validation_endpoint");
 local token_endpoint = module:get_option_string("oauth_external_token_endpoint");
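Review bot: The default on the new `oidc_discovery_url` line is built by plain concatenation, so an `oauth_external_issuer` configured with a trailing slash yields `...//.well-known/oauth-authorization-server`, and an issuer that has a path component gets the suffix appended instead of inserted between host and path as RFC 8414 section 3 describes. Stripping trailing slashes covers the common case: `issuer_identity and issuer_identity:gsub("/+$", "") .. "/.well-known/oauth-authorization-server" or nil`. The hunk also shows no check that the issuer is an `https://` URL, and nothing visible here ties the `issuer` value in the metadata to this option. Either may be handled outside the hunk, but both are worth confirming, because clients use this URL to decide where to obtain tokens.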