
mod_auth_oauth_external/mod_auth_oauth_external.lua @ 5434:92ad8f03f225

mod_auth_oauth_external: Work without token validation endpoint In this mode, only PLAIN is possible and the provided username is assumed to be the XMPP localpart.
author Kim Alvefur <zash@zash.se>
date Mon, 08 May 2023 20:01:34 +0200
parent 5433:b40299bbdf14
child 5435:b3e7886fea6a
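--- a/mod_auth_oauth_external/mod_auth_oauth_external.lua
+++ b/mod_auth_oauth_external/mod_auth_oauth_external.lua
@@ -51,10 +51,16 @@
 end
 local token_resp = json.decode(tok.body);
 if not token_resp or string.lower(token_resp.token_type or "") ~= "bearer" then
 return false, nil;
 end
+if not validation_endpoint then
+-- We're not going to get more info, only the username
+self.username = jid.escape(username);
+self.token_info = token_resp;
+return true, true;
+end
 local ret, err = async.wait_for(self.profile.http_client:request(validation_endpoint,
 { headers = { ["Authorization"] = "Bearer " .. token_resp.access_token; ["Accept"] = "application/json" } }));
 if err then
 return false, nil;
 end
@@ -71,29 +77,32 @@
 self.role = response.role;
 self.token_info = response;
 return true, true;
 end
 end
-function profile:oauthbearer(token)
-if token == "" then
-return false, nil, extra;
+if validation_endpoint then
+function profile:oauthbearer(token)
+if token == "" then
+return false, nil, extra;
+end
+
+local ret, err = async.wait_for(self.profile.http_client:request(validation_endpoint, {
+headers = { ["Authorization"] = "Bearer " .. token; ["Accept"] = "application/json" };
+}));
+if err then
+return false, nil, extra;
+end
+local response = ret and json.decode(ret.body);
+if not (ret.code >= 200 and ret.code < 300) then
+return false, nil, response or extra;
+end
+if type(response) ~= "table" or type(response[username_field]) ~= "string" then
+return false, nil, nil;
+end
+
+return response[username_field], true, response;
 end
-
-local ret, err = async.wait_for(self.profile.http_client:request(validation_endpoint,
-{ headers = { ["Authorization"] = "Bearer " .. token; ["Accept"] = "application/json" } }));
-if err then
-return false, nil, extra;
-end
-local response = ret and json.decode(ret.body);
-if not (ret.code >= 200 and ret.code < 300) then
-return false, nil, response or extra;
-end
-if type(response) ~= "table" or type(response[username_field]) ~= "string" then
-return false, nil, nil;
-end
-
-return response[username_field], true, response;
 end
 return sasl.new(host, profile);
 end
 
 module:provides("auth", provider);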
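Review bot: In the new no-validation-endpoint branch (new lines 56-61), `self.token_info` is set to the raw token-endpoint response, which carries `access_token` and whatever else the server returned, whereas the validation-endpoint path stores the userinfo response; if anything downstream logs or exposes `token_info`, the bearer credential now travels with the session, so consider keeping only the fields actually needed or stating in a comment that retaining the whole response is intended. The trust assumption this branch introduces is also worth spelling out next to the existing comment, e.g. `-- No validation endpoint: the token endpoint accepted username+password, so the client-supplied username is taken as the localpart`. The enclosing function starts before this hunk, so where `username` is bound cannot be checked here.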