Comparison

mod_http_oauth2/mod_http_oauth2.lua @ 5451:6705f2a09702

mod_http_oauth2: Reference grant by id instead of value Fixes that the grant got mutated on use of refresh token, notably it would gain 'id' and 'jid' properties set there by mod_tokenauth. Previously also the secret token that we should not be remembering.
author Kim Alvefur <zash@zash.se>
date Fri, 12 May 2023 11:11:38 +0200
parent 5450:d2594bbf7c36
child 5452:b071d8ee6555
comparison
equal deleted inserted replaced
5450:d2594bbf7c36 5451:6705f2a09702
214 -- Create refresh token for the grant if desired 214 -- Create refresh token for the grant if desired
215 refresh_token = refresh_token_info ~= false and tokens.create_token(token_jid, grant, nil, nil, "oauth2-refresh"); 215 refresh_token = refresh_token_info ~= false and tokens.create_token(token_jid, grant, nil, nil, "oauth2-refresh");
216 else 216 else
217 -- Grant exists, reuse existing refresh token 217 -- Grant exists, reuse existing refresh token
218 refresh_token = refresh_token_info.token; 218 refresh_token = refresh_token_info.token;
219 refresh_token_info.token = nil; -- Prevent persistence of *secret* token 219 end
220 220
221 refresh_token_info.grant = nil; -- Prevent reference loop 221 local access_token, access_token_info = tokens.create_token(token_jid, grant.id, role, default_access_ttl, "oauth2");
222 end
223
224 local access_token, access_token_info = tokens.create_token(token_jid, grant, role, default_access_ttl, "oauth2");
225 222
226 local expires_at = access_token_info.expires; 223 local expires_at = access_token_info.expires;
227 return { 224 return {
228 token_type = "bearer"; 225 token_type = "bearer";
229 access_token = access_token; 226 access_token = access_token;