prosody-modules
a1a33f0f6f6e
mod_http_oauth2/mod_http_oauth2.lua
Software / code / prosody-modules
Comparison
mod_http_oauth2/mod_http_oauth2.lua @ 6207:a1a33f0f6f6e
mod_http_oauth2: Reorder HTTP handler (noop)
More in the order they might be used, related paths together.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sun, 16 Mar 2025 21:56:25 +0100 |
| parent | 6037:277ccafb4826 |
| child | 6211:750d64c47ec6 |
| child | 6237:4f0ed0e3ad5a |
comparison
equal
deleted
inserted
replaced
| 6206:ac7e2992fe6e | 6207:a1a33f0f6f6e |
|---|---|
| 1582 route = { | 1582 route = { |
| 1583 -- OAuth 2.0 in 5 simple steps! | 1583 -- OAuth 2.0 in 5 simple steps! |
| 1584 -- This is the normal 'authorization_code' flow. | 1584 -- This is the normal 'authorization_code' flow. |
| 1585 | 1585 |
| 1586 -- Step 1. Create OAuth client | 1586 -- Step 1. Create OAuth client |
| 1587 ["GET /register"] = { headers = { content_type = "application/schema+json" }; body = json.encode(registration_schema) }; | |
| 1587 ["POST /register"] = handle_register_request; | 1588 ["POST /register"] = handle_register_request; |
| 1588 | 1589 |
| 1589 -- Device flow | 1590 -- Device flow |
| 1590 ["POST /device"] = handle_device_authorization_request; | 1591 ["POST /device"] = handle_device_authorization_request; |
| 1591 ["GET /device"] = handle_device_verification_request; | 1592 ["GET /device"] = handle_device_verification_request; |
| 1592 | 1593 |
| 1593 -- Step 2. User-facing login and consent view | 1594 -- Step 2. User-facing login and consent view |
| 1594 ["GET /authorize"] = handle_authorization_request; | 1595 ["GET /authorize"] = handle_authorization_request; |
| 1595 ["POST /authorize"] = handle_authorization_request; | 1596 ["POST /authorize"] = handle_authorization_request; |
| 1596 ["OPTIONS /authorize"] = { status_code = 403; body = "" }; | 1597 ["OPTIONS /authorize"] = { status_code = 403; body = "" }; |
| 1597 | |
| 1598 -- Step 3. User is redirected to the 'redirect_uri' along with an | |
| 1599 -- authorization code. In the insecure 'implicit' flow, the access token | |
| 1600 -- is delivered here. | |
| 1601 | |
| 1602 -- Step 4. Retrieve access token using the code. | |
| 1603 ["POST /token"] = handle_token_grant; | |
| 1604 | |
| 1605 -- Step 4 is later repeated using the refresh token to get new access tokens. | |
| 1606 | |
| 1607 -- Step 5. Revoke token (access or refresh) | |
| 1608 ["POST /revoke"] = handle_revocation_request; | |
| 1609 | |
| 1610 -- Get info about a token | |
| 1611 ["POST /introspect"] = handle_introspection_request; | |
| 1612 | |
| 1613 -- OpenID | |
| 1614 ["GET /userinfo"] = handle_userinfo_request; | |
| 1615 | 1598 |
| 1616 -- Optional static content for templates | 1599 -- Optional static content for templates |
| 1617 ["GET /style.css"] = templates.css and { | 1600 ["GET /style.css"] = templates.css and { |
| 1618 headers = { | 1601 headers = { |
| 1619 ["Content-Type"] = "text/css"; | 1602 ["Content-Type"] = "text/css"; |
| 1625 ["Content-Type"] = "text/javascript"; | 1608 ["Content-Type"] = "text/javascript"; |
| 1626 }; | 1609 }; |
| 1627 body = templates.js; | 1610 body = templates.js; |
| 1628 } or nil; | 1611 } or nil; |
| 1629 | 1612 |
| 1630 -- Some convenient fallback handlers | 1613 -- Step 3. User is redirected to the 'redirect_uri' along with an |
| 1631 ["GET /register"] = { headers = { content_type = "application/schema+json" }; body = json.encode(registration_schema) }; | 1614 -- authorization code. In the insecure 'implicit' flow, the access token |
| 1615 -- is delivered here. | |
| 1616 | |
| 1617 -- Step 4. Retrieve access token using the code. | |
| 1618 ["POST /token"] = handle_token_grant; | |
| 1632 ["GET /token"] = function() return 405; end; | 1619 ["GET /token"] = function() return 405; end; |
| 1620 | |
| 1621 -- Step 4 is later repeated using the refresh token to get new access tokens. | |
| 1622 | |
| 1623 -- Get info about a token | |
| 1624 ["POST /introspect"] = handle_introspection_request; | |
| 1625 ["GET /introspect"] = function() return 405; end; | |
| 1626 | |
| 1627 -- Get info about the user, used for OpenID Connect | |
| 1628 ["GET /userinfo"] = handle_userinfo_request; | |
| 1629 | |
| 1630 -- Step 5. Revoke token (access or refresh) | |
| 1631 ["POST /revoke"] = handle_revocation_request; | |
| 1633 ["GET /revoke"] = function() return 405; end; | 1632 ["GET /revoke"] = function() return 405; end; |
| 1634 ["GET /introspect"] = function() return 405; end; | |
| 1635 }; | 1633 }; |
| 1636 }); | 1634 }); |
| 1637 | 1635 |
| 1638 local http_server = require "net.http.server"; | 1636 local http_server = require "net.http.server"; |
| 1639 | 1637 |
