changeset 5191:f5a58cbe86e4

mod_http_oauth2: Derive scope from correct user details Plausible copypaste mistake
author Kim Alvefur <zash@zash.se>
date Fri, 03 Mar 2023 18:00:28 +0100 (21 months ago)
parents 1733f184e2bb
children 03aa9baa9ac3
files mod_http_oauth2/mod_http_oauth2.lua
diffstat 1 files changed, 2 insertions(+), 1 deletions(-) [+]
line wrap: on
line diff
--- a/mod_http_oauth2/mod_http_oauth2.lua	Fri Mar 03 14:22:05 2023 +0100
+++ b/mod_http_oauth2/mod_http_oauth2.lua	Fri Mar 03 18:00:28 2023 +0100
@@ -107,7 +107,8 @@
 		return oauth_error("invalid_client", "incorrect credentials");
 	end
 
-	local granted_scopes = filter_scopes(client_owner, client_host, params.scope);
+	local request_username, request_host = jid.split(granted_jid);
+	local granted_scopes = filter_scopes(request_username, request_host, params.scope);
 
 	local code = uuid.generate();
 	local ok = codes:set(params.client_id .. "#" .. code, {