Comparison

mod_http_oauth2/mod_http_oauth2.lua @ 5336:77ac04bd2f65

mod_http_oauth2: Add some debug logging for UserInfo endpoint
author Kim Alvefur <zash@zash.se>
date Mon, 10 Apr 2023 10:47:51 +0200
parent 5335:53c6f49dcbb8
child 5337:8d8e85d6dc91
comparison
equal deleted inserted replaced
5335:53c6f49dcbb8 5336:77ac04bd2f65
748 748
749 local function handle_userinfo_request(event) 749 local function handle_userinfo_request(event)
750 local request = event.request; 750 local request = event.request;
751 local credentials = get_request_credentials(request); 751 local credentials = get_request_credentials(request);
752 if not credentials or not credentials.bearer_token then 752 if not credentials or not credentials.bearer_token then
753 module:log("debug", "Missing credentials for UserInfo endpoint: %q", credentials)
753 return 401; 754 return 401;
754 end 755 end
755 local token_info = tokens.get_token_info(credentials.bearer_token); 756 local token_info,err = tokens.get_token_info(credentials.bearer_token);
756 if not token_info then 757 if not token_info then
758 module:log("debug", "UserInfo query failed token validation: %s", err)
757 return 403; 759 return 403;
758 end 760 end
759 -- TODO check that they actually have access to the userinfo endpoint, aka 761 -- TODO check that they actually have access to the userinfo endpoint, aka
760 -- the 'openid' scope. Tokens currently contain the JID in plain text so 762 -- the 'openid' scope. Tokens currently contain the JID in plain text so
761 -- we're not really returning anything they did not know already. 763 -- we're not really returning anything they did not know already.