Mercurial > prosody-modules
changeset 5387:e3fc52b40064
mod_rest/rest.sh: Implement RFC 7636 PKCE with the 'plain' method
The S256 code challenge method left as a future exercise.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sat, 29 Apr 2023 14:06:51 +0200 |
| parents | 6f13200c9fc1 |
| children | 832c515b1650 |
| files | mod_rest/example/rest.sh |
| diffstat | 1 files changed, 3 insertions(+), 2 deletions(-) [+] |
line wrap: on
line diff
--- a/mod_rest/example/rest.sh Sat Apr 29 13:26:33 2023 +0200 +++ b/mod_rest/example/rest.sh Sat Apr 29 14:06:51 2023 +0200 @@ -88,10 +88,11 @@ fi if [ -z "${ACCESS_TOKEN:-}" ]; then - open "$AUTHORIZATION_ENDPOINT?response_type=code&client_id=$CLIENT_ID&scope=openid+prosody:user" + CODE_CHALLENGE="$(head -c 33 /dev/urandom | base64 | tr /+ _-)" + open "$AUTHORIZATION_ENDPOINT?response_type=code&client_id=$CLIENT_ID&code_challenge=$CODE_CHALLENGE&scope=openid+prosody:user" read -p "Paste authorization code: " -s -r AUTHORIZATION_CODE - TOKEN_RESPONSE="$(http --check-status --form "$TOKEN_ENDPOINT" 'grant_type=authorization_code' "client_id=$CLIENT_ID" "client_secret=$CLIENT_SECRET" "code=$AUTHORIZATION_CODE")" + TOKEN_RESPONSE="$(http --check-status --form "$TOKEN_ENDPOINT" 'grant_type=authorization_code' "client_id=$CLIENT_ID" "client_secret=$CLIENT_SECRET" "code=$AUTHORIZATION_CODE" code_verifier="$CODE_CHALLENGE")" ACCESS_TOKEN="$(echo "$TOKEN_RESPONSE" | jq -e -r '.access_token')" REFRESH_TOKEN="$(echo "$TOKEN_RESPONSE" | jq -r '.refresh_token')"