Software /
code /
prosody-modules
Comparison
mod_http_oauth2/mod_http_oauth2.lua @ 5420:aa068449b0b6
mod_http_oauth2: Bail out of implicit flow on invalid or missing redirect
Probably hasn't been tested, and maybe never will since it's disabled
and more or less deprecated in OAuth 2.1
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Sat, 06 May 2023 12:23:22 +0200 |
parent | 5419:a0333176303c |
child | 5423:5b2352dda31f |
comparison
equal
deleted
inserted
replaced
5419:a0333176303c | 5420:aa068449b0b6 |
---|---|
335 end | 335 end |
336 local granted_scopes, granted_role = filter_scopes(request_username, params.scope); | 336 local granted_scopes, granted_role = filter_scopes(request_username, params.scope); |
337 local token_info = new_access_token(granted_jid, granted_role, granted_scopes, client, nil); | 337 local token_info = new_access_token(granted_jid, granted_role, granted_scopes, client, nil); |
338 | 338 |
339 local redirect = url.parse(get_redirect_uri(client, params.redirect_uri)); | 339 local redirect = url.parse(get_redirect_uri(client, params.redirect_uri)); |
340 if not redirect then return 400; end | |
340 token_info.state = params.state; | 341 token_info.state = params.state; |
341 redirect.fragment = http.formencode(token_info); | 342 redirect.fragment = http.formencode(token_info); |
342 | 343 |
343 return { | 344 return { |
344 status_code = 303; | 345 status_code = 303; |